CVE-2013-7369 Information

Description

SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02 Anti-Virus for Windows Servers 9.00 before HF09 Anti-Virus for Citrix Servers 9.00 before HF09 and F-Secure Email and Server Security and F-Secure Server Security 9.20 before HF01 allows remote attackers to execute arbitrary SQL commands via unknown vectors related to GetCommand.

Reference

http://www.f-secure.com/en/web/labs_global/fsc-2013-1 http://www.zerodayinitiative.com/advisories/ZDI-13-095/