CVE-2010-3499

Name of the Vulnerable Software and Affected Versions F-Secure Anti-Virus (affected versions not specified)

Description The issue arises from the improper interaction between F-Secure Anti-Virus and the Microsoft Help and Support Center's processing of hcp:// URLs. This makes it easier for remote attackers to execute arbitrary code via malware, even if the malware is correctly detected by the product. The detection approach occurs too late to stop the code execution. It has been noted that the vendor response attributes the inability to catch these files to lacking functionality rather than programming errors.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.