LiveActive security incident?Get immediate response
CVE Record

CVE-2010-1425: F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEs...

F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02 and earlier; Anti-Virus 2010 and earlier; Home Server Security 2009; Protection Service for Consumers 9 and earlier, for Business - Workstation security 9 and earlier, for Business - Server Security 8 and earlier, and for E-mail and Server security 9 and earlier; Mac Protection build 8060 and earlier; Client Security 9 and earlier; and various Anti-Virus products for Windows, Linux, and Citrix; does not properly detect malware in crafted (1) 7Z, (2) GZIP, (3) CAB, or (4) RAR archives, which makes it easier for remote attackers to avoid detection.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysis

Security readout for executives and security teams

This CVE is a malware-detection bypass in many older F-Secure consumer, server, email, gateway, Mac, Linux, Citrix, and Exchange products. Crafted 7Z, GZIP, CAB, or RAR archives could make malicious content easier to pass through scanning. The main business risk is reduced protection where these legacy products are still trusted for email, gateway, or endpoint filtering. Exposure is most likely in legacy environments still running F-Secure Internet Security 2010-era products, F-Secure email/security gateway products, or older Exchange/MIMEsweeper integrations. Modern environments are likely unaffected if these products were upgraded or retired, but inventory should confirm that assumption. Prioritize this if legacy F-Secure products still protect email gateways, Exchange servers, or endpoints. The issue weakens malware filtering rather than directly granting access, but it can undermine a critical prevention layer. If no affected products remain, close with evidence from asset inventory. Mitigation focus: Inventory F-Secure endpoint, mail, gateway, server, Mac, Linux, and Citrix deployments.; Review F-Secure advisory FSC-2010-1 for vendor-approved updates or upgrade guidance.; Upgrade or retire unsupported F-Secure products named in the CVE description..

Prepared

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2010-1425 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
1Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.