Description
F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not properly detect certain password-protected files in a ZIP file, which allows remote attackers to bypass anti-virus protection.
Product(s):
- F-Secure Anti-Virus 6.30 for MS Exchange
- F-Secure Anti-Virus 6.30 SR1 for MS Exchange
- F-Secure Anti-Virus 6.31 for MS Exchange
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-2220, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-2220 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.