|
Several F-Secure products have a buffer overflow vulnerability in processing LHA archives. This may allow an attacker to execute arbitrary code or to create a denial-of-service condition. This vulnerability is related to a similar vulnerability in GZIP program's handling of LZH-compressed archives.
For more information, please see F-Secure Security Bulletin FSC-2007-1.
There are hotfixes available to remove the vulnerability.
|