CVE-2023-47263

Vulnerability

A denial-of-service (DoS) vulnerability exists in the antivirus engine of multiple WithSecure products when scanning a specially crafted (fuzzed) PE32 file. The affected products include WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later [1].

Exploitation

An attacker can trigger the vulnerability remotely by delivering a fuzzed PE32 file to the target system, for example via email attachment or web download. When the WithSecure antivirus engine scans the malicious file, it crashes, causing a denial of service. No authentication or special privileges are required beyond the ability to have the file scanned by the affected product [1].

Impact

Successful exploitation results in a denial of service of the antivirus engine, leaving the system temporarily unprotected until the engine is automatically or manually restarted. No code execution, privilege escalation, or data compromise has been reported [1].

Mitigation

WithSecure has released security updates to address this vulnerability. Affected users should apply the latest updates from WithSecure as detailed in the advisory [1]. No workarounds are documented. As of the publication date, no active exploitation in the wild has been observed [1].