[ISN] Flaw found in Kaspersky antivirus

InfoSec News isn at c4i.org
Tue Oct 4 01:49:57 EDT 2005


http://beta.news.com.com/Flaw+found+in+Kaspersky+antivirus/2100-1002_3-5887857.html

By Joris Evers 
Staff Writer, CNET News.com
October 3, 2005

A "critical" flaw in Kaspersky Lab's antivirus software could let an
attacker commandeer systems that use the products, a security
researcher warned Monday.

The problem lies in Kaspersky's antivirus library, security researcher
Alex Wheeler wrote in an advisory (download PDF of advisory here) [1].  
The vulnerability likely affects multiple Kaspersky products on
various platforms because the library is used throughout the company's
consumer and corporate software, he said.

Additionally, third-party products that use Kaspersky's antivirus
technology could also be vulnerable, Wheeler said.
 
A remote attacker could exploit the heap overflow flaw by sending a
malformed CAB file--a compression file--to a vulnerable system, the
French Security Incident Response Team said in an advisory. The CAB
file could be sent in an e-mail, for example, and once the Kaspersky
antivirus scanner had accepted it, the malicious code would be in the
system. No user interaction is required, Wheeler said. FrSirt
describes the issue as "critical," its highest rating.

A representative for Kaspersky in Moscow could not immediately comment
on the issue and said that the Russian company would need to
investigate.

Antivirus software is like low-hanging fruit to hackers, Yankee Group
analysts wrote in a research paper released earlier this year. As the
pool of easily exploitable security bugs in Microsoft Windows dries
up, attackers are looking to security software for holes to get into
systems, the analysts said.

At the Black Hat Briefings security conference this summer,
researchers at Internet Security Systems outlined vulnerabilities in
antivirus products. ISS has discovered bugs in products from security
software makers including Symantec, McAfee, Trend Micro and F-Secure.

Copyright ©1995-2005 CNET Networks, Inc. All rights reserved.

[1] http://www.rem0te.com/public/images/kaspersky.pdf





More information about the ISN mailing list