PT-2014-3400 · F Secure+2 · F-Secure Anti-Virus For Windows Servers+7

Andrea Micalizzi +1 · Published 2014-04-18 · Updated 2014-04-21 · CVE-2013-7369

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

F-Secure Anti-Virus for Microsoft Exchange Server versions prior to HF02
F-Secure Anti-Virus for Windows Servers 9.00 versions prior to HF09
F-Secure Anti-Virus for Citrix Servers 9.00 versions prior to HF09
F-Secure Email and Server Security 9.20 versions prior to HF01
F-Secure Server Security 9.20 versions prior to HF01

Description

The issue allows remote attackers to execute arbitrary SQL commands via unknown vectors, related to the GetCommand function. This is a result of a SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control.

Recommendations

For F-Secure Anti-Virus for Microsoft Exchange Server versions prior to HF02, update to a version that includes HF02 or later.
For F-Secure Anti-Virus for Windows Servers 9.00 versions prior to HF09, update to a version that includes HF09 or later.
For F-Secure Anti-Virus for Citrix Servers 9.00 versions prior to HF09, update to a version that includes HF09 or later.
For F-Secure Email and Server Security 9.20 versions prior to HF01, update to a version that includes HF01 or later.
For F-Secure Server Security 9.20 versions prior to HF01, update to a version that includes HF01 or later.

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2013-7369

Affected Products

Citrix Servers
F-Secure Anti-Virus For Citrix Servers
F-Secure Anti-Virus For Microsoft Exchange
F-Secure Anti-Virus For Windows Servers
F-Secure Email/Server Security
F-Secure Server Security
Exchange Server
Windows Server