These days antivirus companies are having a tough time. Whether it is detecting attacks or coping with rising malware, this seems to be a tough era for them. Sophos antivirus had a rough patch when Google security engineer Mr. Tavis Ormandy openly criticized its detection policy, criticism that was fair to some extent. F-Secure has had an embarrassing moment too. It has patched a remote code execution vulnerability that affected several of its security products and exposed users to drive-by download attacks. The vulnerability was reported by Mr. Anil Aphale, a.k.a. 41.w4r10r, an information security consultant from India. The vulnerability was located in the F-Secure Gadget Resource Handler ActiveX Control (fsresh.dll).
Vulnerability management vendor Secunia rates the vulnerability as "highly critical". The vulnerability can be exploited by tricking victims into visiting a specially crafted web page using Internet Explorer. F-Secure Anti-Virus 2010 and 2011, F-Secure Internet Security 2010 and 2011, as well as products based on F-Secure Protection Service for Consumers version 9 and F-Secure Protection Service for Business – Workstation security version 9, are affected by this flaw. The Secunia advisory can be read here. The exploit code has been made public and can be accessed from any exploit repository. This brilliant piece of work from Mr. Aphale shows that even antivirus products can suffer from critical security vulnerabilities.