|
Security Alert March 16, 2005
My Firewall Plus has a vulnerability that can be exploited by local users to corrupt arbitrary files.
Cause
The vulnerability is caused by the "Smc.exe" process. This process invokes the Log Viewer's export functionality without dropping SYSTEM privileges. This functionality can be exploited to corrupt arbitrary files on the system with logging information.
Resolution
Download and install the repair for this from the following link.
NOTE: Before applying the patch, shut down My Firewall Plus.
MFP_Patch.exe
This will resolve the issue.
Problems downloading the patch?
If you are experiencing difficulty downloading or opening the patch, visit: http://www.webroot.com/downloads/introtodownloading/
We would like to thank Secunia for bringing this vulnerability to our attention in a responsible manner and for working with us to protect our customers. Read Secunia's advisory here: http://secunia.com/advisories/13577/
|