CVE-2004-2405

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

31/12/2004

Last modified:

11/07/2017

Description

Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module restart), depending on the product, via a malformed LHA archive.

Impact

Vector 2.0

AV:N/AC:L/Au:N/C:N/I:P/A:P CVSS v2.0 Severity and Metrics:

Base Score: 6.40 MEDIUM
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): None
Integrity (I): Physical
Availability (A): Physical

Base Score 2.0

6.40

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:f-secure:f-secure_anti-virus:::linux:::::*		4.52 (including)
cpe:2.3:a:f-secure:f-secure_anti-virus:::mimesweeper:::::*		5.42 (including)
cpe:2.3:a:f-secure:f-secure_anti-virus:::windows_servers:::::*		5.42 (including)
cpe:2.3:a:f-secure:f-secure_anti-virus:::workstations:::::*		5.42 (including)
cpe:2.3:a:f-secure:f-secure_anti-virus:::client_security:::::*		5.52 (including)
cpe:2.3:a:f-secure:f-secure_anti-virus:::ms_exchange:::::*		6.21 (including)
cpe:2.3:a:f-secure:f-secure_anti-virus::::::::		2004 (including)
cpe:2.3:a:f-secure:f-secure_anti-virus:4.60::samba_servers:::::
cpe:2.3:a:f-secure:f-secure_for_firewalls::::::::		6.20 (including)
cpe:2.3:a:f-secure:f-secure_internet_security::::::::		2004 (including)
cpe:2.3:a:f-secure:internet_gatekeeper::::::::		6.32 (including)

To consult the complete list of CPE names with products and versions, see this page

CVE-2004-2405

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools