Fortinet Discovers F-Secure Email and Server Security DLL Preloading Vulnerability
Fortinet's FortiGuard Labs has discovered a DLL preloading vulnerability in F-Secure's F-Secure Email and Server Security.
F-Secure Email and Server Security provides protection for Microsoft Windows Server, Microsoft SharePoint Server, Microsoft Exchange Server, Microsoft Small Business Server, Citrix XenApp, and Windows Terminal servers. It provides virus & spyware protection, DeepGuard, Web traffic scanning, Browsing protection, Anti-Virus for Microsoft Exchange, Spam Control, Email Quarantine Manager, Offload scanning agent for virtual environments and Anti-Virus for Microsoft SharePoint.
F-Secure Email and Server Security for Windows is susceptible to a DLL preloading vulnerability. The issue occurs when the application looks to load a DLL for execution and an attacker provides a malicious DLL to use instead. The application generally follows a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.
Users should apply the solution provided by F-Secure.
Fortinet reported the vulnerability to F-Secure on June 16, 2017.
F-Secure confirmed the vulnerability on June 29, 2017.
F-Secure patched the vulnerability on July 17, 2017.