F-Secure publishes hotfix on security vulnerability in DLL component
F-Secure has published a hotfix regarding a security vulnerability in a legacy DLL component.
Under certain circumstances, affected products may allow arbitrary connections to the ODBC drivers, leading to remote code execution.
Affected products and versions:
- F-Secure Anti-Virus for Microsoft Exchange Server 9.00 - 9.10
- F-Secure Anti-Virus for Windows Servers 9.00
- F-Secure Anti-Virus Citrix Servers 9.00
- F-Secure Email and Server Security 9.20
- F-Secure Server Security 9.20
- Solutions based on F-Secure Protection Service for Business Email and Server Security 9.00 - 9.20 (automatically updated)
- Solutions based on F-Secure Protection Service for Business Server Security 9.00 - 9.20 (automatically updated)
For more information on the hotfix, refer to the Security Advisory FSC-2013-1.
Feel free to post questions or discuss about this hotfix in this thread.