|
Brought to you by:
Suppliers of:
|
|
|
| |
| Improper parsing of the PDF structure leads to evasion of detection of malicious PDF documents at scantime and runtime. This has been tested with several malicious PDF files and represents a generic evasion of all PDF signatures and heuristics. |
| |
Credit:
The information has been provided by Thierry Zoller.
|
| |
Vulnerable Systems:
* F-Secure Internet Security 2009 and earlier
* F-Secure Anti-Virus 2009 and earlier
* F-Secure Home Server Security 2009
* Solutions based on F-Secure Protection Service for Consumers version 8.00 and earlier
* Solutions based on F-Secure Protection Service for Business Workstation security version 8.00 and earlier
* Solutions based on F-Secure Protection Service for Business E-mail and Server security version 8.00 and earlier
* F-Secure Client Security 8.01 and earlier
* F-Secure Anti-Virus for Workstations 8.0 and earlier
* F-Secure Anti-Virus for Windows Servers 8.00 and earlier
* F-Secure Linux Security 7.02 and earlier
* F-Secure Anti-Virus Linux Client Security 5.54 and earlier
* F-Secure Anti-Virus Linux Server Security 5.54 and earlier
* F-Secure Anti-Virus for Linux Servers 4.65
* F-Secure Anti-Virus for Microsoft Exchange 8.00 and earlier
* F-Secure Internet Gatekeeper for Windows 6.61 and earlier
* F-Secure Internet Gatekeeper for Linux 3.02 and earlier
* F-Secure Internet Gatekeeper for Linux Japanese 2.37 and earlier
* F-Secure Anti-Virus for Citrix Servers 7.00 and earlier
* F-Secure Anti-Virus for MIMEsweeper 5.61 and earlier
Known PDF exploits/malware may evade signature detection, 0day exploits may evade heuristics.
Disclosure Timeline:
15.05.2009 - Reported to F-Secure
12.07.2009 - Patches deployed automatically, F-Secure waits to coordinate public disclosure
27.10.2009 - G-SEC releases this advisory
|
|
|
|
|
