Multiple Denial of Service Vulnerability

Vulnerability

The vulnerability resides in the aerdl.dll unpacker handler function used by F-Secure and WithSecure endpoint protection products on Windows and Mac. When processing a specially crafted file, the handler crashes, leading to a denial of service. Affected versions include all F-Secure endpoint protection products for Windows and Mac, as well as corresponding WithSecure products. [1]

Exploitation

An attacker can exploit this vulnerability by providing a malicious file that triggers the crash in the aerdl.dll unpacker. No authentication or user interaction is required beyond the file being scanned by the affected product. The attacker does not need network access if the file is delivered via email, web download, or other means that the product scans.

Impact

Successful exploitation results in a denial of service (DoS) condition where the scanning engine crashes. This prevents the product from scanning files, potentially leaving the system unprotected until the engine is restarted. The crash does not lead to code execution or privilege escalation.

Mitigation

F-Secure and WithSecure have released updates to address this vulnerability. Users should update their endpoint protection products to the latest versions. The advisory [1] lists the CVE with a date of 2022-09-30, indicating a fix was available by that date. No workarounds are documented; updating is the recommended mitigation.