F-Secure has announced that it is possible to create specially crafted ZIP archives that cause a buffer overflow in many versions of their anti-virus products. This allows an attacker to execute code of his choice on affected systems. It is in addition possible to create malformed RAR- and ZIP-archives that cannot be scanned properly. This can lead to a false negative scan result.
Patches have been released, users of F-Secure Internet Security 2004 – 2006, F-Secure Anti-Virus 2004 – 2006, and F-Secure Personal Express have been updated automatically.
F-Secure Corporation thanks Thierry Zoller for bringing this issue to their attention.