Two major security software vendors have released patches for flaws in their own offerings.
F-Secure and Trend Micro have posted updates to address vulnerabilities which could leave customers vulnerable to attack.
Trend Micro issued a fix for its OfficeScan product in which an attacker could use a malformed HTTP request to cause a buffer overflow in the software's server CGI model.
A successful exploit could allow an attacker to remotely execute code on the targeted system.
F-Secure, meanwhile, has released an update which corrects an issue in its Internet Security, Anti-Virus, Linux and Protection Service product families as well as several F-Secure server and gateway offerings.
The issue stems from an error which occurs when the software is not set to scan compressed files.
An attacker could use a specially-crafted compressed file to trigger a buffer overflow error and gain complete control at the system level of a targeted machine and execute arbitrary code.
The US Computer Emergency Response Team is advising users and administrators of all of the affected security products to install the patches as soon as possible.
Major security firms caught napping
By
Shaun Nichols
on Oct 27, 2008 9:55AM
F-Secure and Trend Micro forced to patch flaws in their own software.
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Promoted Content
How Australian developers modernised companies' communications during the pandemic
Promoted Content
Why there is no upside to sending data offshore for storage
Promoted Content
Five ways Russian cybercrime tactics have changed
Promoted Content
IT’s control over digital infrastructure is slipping, reports The Economist Intelligence Unit
Sponsored Whitepapers
The 5 steps to effective data protection
Understanding the next security control points: applications and workloads
Best security practices after rapid Digital Transformation
The CISO View 2021 Survey: Zero Trust and Privileged Access
How and why to backup your Office 365 tenant
