News

Security Flaw in Kaspersky Antivirus

By Nate Mook | Published October 4, 2005, 3:20 PM

UPDATED A security researcher has uncovered a critical security flaw in Kaspersky Anti-Virus that could allow an attacker to take control of a vulnerable system. The problem lies in a component used to open CAB files, which can be exploited using a buffer overflow.

According to an advisory issued by Alex Wheeler, a malformed CAB file could be sent via e-mail, and when opened by Kaspersky Antivirus for processing the PC could be compromised.

Security firm Secunia has rated the flaw "Highly Critical" and notes that other Kaspersky software may also be vulnerable due to the component being reused across multiple products.

In a statement on its Web site, Kaspersky acknowledged the existence of the flaw but downplayed the potential risk to end users.

"The actual threat posed by the CAB vulnerability is minimal and cannot affect the level of antivirus protection provided by Kaspersky Lab products," the company said.

Nonetheless, Kaspersky has worked quickly to resolve the problem. Antivirus definitions released on September 29 onward include a check for such an attack. The company has also completed on an emergency update to its product line to fix the affected CAB module.

The new version of Kaspersky Anti-Virus is available for download via FileForum.

Comments

kronix2
Oct 6, 2005 - 5:35 AM

It took them one day to update their application modules, and hours to issue updated virus definitions. If only all security flaws were dealt with so speedily.

Score: 0

|
Post Reply
jordenpro
Oct 5, 2005 - 10:56 AM

This is exactly why Kaspersky is the best Anti-Virus around. A flaw like this is discovered, they quickly explain and release a solution also noting that no PoC has been released on this flaw.

I trust Kaspersky for my AntiVirus needs because they are the best.

Score: 0

|
Post Reply
beta_animal
Oct 4, 2005 - 6:11 PM

http://www.kaspersky.com/news?id=171512144

Wouldn't it be nice if Microsoft "Highly Critical" vulnerabilities were dealt with this quickly? Reported October 4. New virus definitions released October 4.

Score: 0

|
Post Reply
JSDvs9172
Oct 4, 2005 - 8:23 PM edited

Very true. However you have to remember that frequent updates did cause confusion for customers in Microsoft's case, hence we got "Patch Tuesday." But aside from that, who knows? (Although the delay does provide for adequate "quality-check time," and Microsoft DOES break cycle on patches if it's an emergency...)

Score: 0

|
Post Reply

Silverlight 3 goes live on Microsoft's servers

Microsoft's answer to Adobe's Flash is (unofficially) here, with prospects of higher-speed, higher-resolution video and for the first time, 3D.

Three Android phones on the way from T-Mobile in 2009

T-Mobile's myTouch 3G, launched Wednesday, will be followed by two more Android phones later this year, but neither of them will be HTC's Hero.

Best Buy-brand TVs to get TiVo

A new alliance will place the retailer's own brand alongide the manufacturers, and could also lead to future partnerships on services.

LTE still lacks a voice

The 4G Wireless standard that Verizon hopes to show off before this year is out is still at a loss for (spoken) words.

Data sharing among online advertisers: Is sanity in sight?

Lockdown with Angela Gunn In the middle of a 15-page plea not to get regulated, a spark of smart thinking.

T-Mobile's strategy to combat Apple's iPhone with Android

With a trio of Android phones now in the pipeline for 2009, T-Mobile hopes to break the iPhone's emerging stranglehold.

EC's Reding: Government should act as broker for media downloads

If Internet media services don't step up and build an attractive way for users to start paying for downloads, a commissioner says, government may do the job instead.

Sony TVs get Netflix, still no PS3

Though it's coming in behind LG, Samsung, and Microsoft, Sony will begin to offer Netflix streaming, too.

Google Chrome OS: Too little, too early

Carmi Levy: Wide Angle Zoom Don't start the revolution just yet, says Carmi, who isn't so certain Chrome OS will be the "Windows Killer."

GAO pen test brings the hammer down on federal rent-a-cops

But are the computers to blame for the contract-guard fiasco at FPS?

What's Next: Chrome OS will have at least some friends in high places

Also: South Korea takes another round of DDoS abuse, and Neelie Kroes and Steve Ballmer may shake hands before she exits stage left.

Report: Evidence of further creativity with Windows 7 upgrade prices

A ZDNet blogger did some serious digging for clues as to a reported price break on multiple Windows 7 Home Premium licenses, and may have found it.

LimeWire for Windows 5.2.5 Beta

July 9 - 6:47 PM ET

Vuze for Windows 4.2.0.4

July 9 - 6:26 PM ET

UltraVNC 1.0.6.4

July 9 - 6:05 PM ET

WildBit Viewer 5.5 Beta 3.0

July 9 - 5:44 PM ET

Bvckup 1.0.0.239 Beta

July 9 - 5:30 PM ET

Microsoft Silverlight for Windows 3.0.40624.0

July 9 - 3:16 PM ET

AOL for Windows 9.5 Refresh Beta 11 (0.4337.74.1)

July 9 - 2:32 PM ET