CVE-2013-7369

high

Published 2014-04-18 · Modified 2026-05-06

CVSS v3

—

CVSS v2

7.5

VIR risk

7.5

Description

SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure Server Security 9.20 before HF01 allows remote attackers to execute arbitrary SQL commands via unknown vectors, related to GetCommand.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.f-secure.com/en/web/labs_global/fsc-2013-1

Application impact

Vendor	Product	Versions
f-secure	anti-virus	`9.00`
f-secure	anti-virus	`9.10`
f-secure	email_and_server_security	`9.20`
f-secure	server_security	`9.20`

References

http://www.f-secure.com/en/web/labs_global/fsc-2013-1
http://www.zerodayinitiative.com/advisories/ZDI-13-095/
http://www.f-secure.com/en/web/labs_global/fsc-2013-1
http://www.zerodayinitiative.com/advisories/ZDI-13-095/

CWEs

CWE-89

Verify integrity in audit chain (admin only). AS-IS.