View Single Post
  #1  
Old 4th Oct 05, 11:30 AM
NewsBot's Avatar
NewsBot NewsBot is offline
Senior Member
 
Join Date: Oct 2004
Posts: 31,559
NewsBot will become famous soon enough
Flaw found in Kaspersky antivirus
A 'critical' flaw in Kaspersky Lab's antivirus software could let an attacker commandeer systems that use the products, a security researcher warned on Monday.

The problem lies in Kaspersky's antivirus library, security researcher Alex Wheeler wrote in an advisory. The vulnerability likely affects multiple Kaspersky products on various platforms because the library is used throughout the company's consumer and corporate software, he said.

Additionally, third-party products that use Kaspersky's antivirus technology could also be vulnerable, Wheeler said.

A remote attacker could exploit the heap overflow flaw by sending a malformed CAB file -- a compression file -- to a vulnerable system, the French Security Incident Response Team said in an advisory. The CAB file could be sent in an e-mail, for example, and once the Kaspersky antivirus scanner had accepted it, the malicious code would be in the system. No user interaction is required, Wheeler said. FrSirt describes the issue as "critical," its highest rating.

News source: ZDNet AustraliaRead full story...


News source: Full Story
Reply With Quote