VYPR
Unrated severity · NVD Advisory · Published Aug 23, 2022 · Updated Aug 3, 2024

Denial-of-Service (DoS) Vulnerability

CVE-2022-28882

Description

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby aegen.dll goes into an infinite loop when unpacking PE files. This eventually leads to a crash of the scanning engine. The exploit can be triggered remotely by an attacker.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

F-Secure and WithSecure anti-malware products have a DoS vulnerability where aegen.dll enters an infinite loop unpacking PE files, leading to scanning engine crashes and denial of service.

Vulnerability

A Denial-of-Service (DoS) vulnerability exists in the aegen.dll component of F-Secure and WithSecure security products. When the scanning engine processes a specially crafted PE (Portable Executable) file, it enters an infinite loop during the unpacking routine, causing the scanning engine to crash. The affected products include various F-Secure and WithSecure endpoint protection suites, though specific version ranges are not disclosed in the available references [1].

Exploitation

An attacker can trigger this vulnerability remotely by delivering a malicious PE file to the target system. No special authentication or local access is required; the attack is successful if the target product scans the crafted PE file, such as through email gateway scanning, on-access file scanning, or manual scan. The attacker does not need user interaction beyond the normal operation of the security software [1].

Impact

Successful exploitation leads to a crash of the scanning engine, resulting in a denial of service. The security product may fail to detect subsequent threats until the service is restarted. This indirectly impairs the confidentiality and integrity protections offered by the software, as the system is left temporarily unprotected during the crash. There is no direct remote code execution or data exfiltration, but the availability of the security service is compromised [1].

Mitigation

F-Secure and WithSecure have released updates to address this vulnerability. Customers should apply the latest product updates and engine updates provided by the vendor. The advisory reference [1] directs users to the official security advisory page for specific information. No workaround is detailed; applying the patch is the recommended mitigation. The vulnerability is not listed as a known exploited vulnerability (KEV) at the time of publication.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • F-Secure and WithSecure / All F-Secure and WithSecure Endpoint Protection products for Windows & Mac; F-Secure Linux Security (32-bit); F-Secure Linux Security (64-bit); F-Secure Atlant; F-Secure Internet Gatekeeper; WithSecure Cloud Protection for Salesforce; WithSecure Collaboration Protection v5
    Range: All Version

Patches

0

No patches discovered yet.

References

1
