Security firm F-Secure has issued patches for critical flaws in 18 of its antivirus products that fix a vulnerability in the scanning of RAR and ZIP archives for malicious code. Both Windows and Linux based tools are affected, and F-Secure recommends installing the fix immediately.
"It is possible to create specially crafted ZIP archives that cause a buffer overflow. This allows an attacker to execute code of his choice on affected systems," the company said in an advisory. "It is in addition possible to create malformed RAR- and ZIP-archives that cannot be scanned properly. This can lead to a false negative scan result."