F-Secure has patched a vulnerability that could possibly be used to run unauthorized code on its e-mail and Internet gateway server software.Two of the company\u2019s products are affected by the flaw, which was patched Thursday: Secure\u2019s Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper, versions 6.40, 6.41, 6.42 and 6.50.The bug affects the Web-based management console software used by these servers, said Mikko Hypponen, manager of antivirus research at F-Secure. By sending specially crafted messages to the Web console, a hacker could crash it.This software is typically set to accept only connections from trusted computers, such as the workstation of the network administrator responsible for the server, but it can be configured to accept connections from any computer. F-Secure rates this bug as critical in this latter configuration.The flaw was discovered by a legitimate security researcher, Mikko Korppi, who notified F-Secure of the problem. The company does not know of any attackers who have exploited the problem.Still, because the flaw is due to a "buffer overflow" condition, where the software ends up storing information in unexpected parts of the computer\u2019s memory, it could theoretically be used by attackers to run unauthorized software on unpatched servers, Hypponen said.F-Secure isn\u2019t the only security vendor to patch its software of late. On Saturday, Symantec published a fix for a widely reported flaw in its corporate antivirus client software.-Robert McMillan, IDG News ServiceFor related news coverage, read F-Secure Partners With ISPs on Security Services.Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.