• info
• discussion
• exploit
• solution
• references

F-Secure Anti-Virus Client Security Local Format String Vulnerability

F-Secure Anti-Virus Client Security is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before using it in the format-specifier argument to a formatted-printing function.

Successfully exploiting this vulnerability may allow an attacker to access sensitive process memory or to crash the application. Code execution may potentially be possible, but this has not been confirmed.