Security Flaw in Kaspersky Antivirus

by Nate Mook

October 4, 2005, 3:20 PM

UPDATED A security researcher has uncovered a critical security flaw in Kaspersky Anti-Virus that could allow an attacker to take control of a vulnerable system. The problem lies in a component used to open CAB files, which can be exploited using a buffer overflow.

According to an advisory issued by Alex Wheeler, a malformed CAB file could be sent via e-mail, and when opened by Kaspersky Antivirus for processing the PC could be compromised.

Security firm Secunia has rated the flaw "Highly Critical" and notes that other Kaspersky software may also be vulnerable due to the component being reused across multiple products.

In a statement on its Web site, Kaspersky acknowledged the existence of the flaw but downplayed the potential risk to end users.

"The actual threat posed by the CAB vulnerability is minimal and cannot affect the level of antivirus protection provided by Kaspersky Lab products," the company said.

Nonetheless, Kaspersky has worked quickly to resolve the problem. Antivirus definitions released on September 29 onward include a check for such an attack. The company has also completed on an emergency update to its product line to fix the affected CAB module.

The new version of Kaspersky Anti-Virus is available for download via FileForum.

Add a Comment

4 Comments

Name E-mail

Betanews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

kronix2
Oct 6, 2005 - 5:35 AM

It took them one day to update their application modules, and hours to issue updated virus definitions. If only all security flaws were dealt with so speedily.

Score: 0

|
Post Reply
jordenpro
Oct 5, 2005 - 10:56 AM

This is exactly why Kaspersky is the best Anti-Virus around. A flaw like this is discovered, they quickly explain and release a solution also noting that no PoC has been released on this flaw.

I trust Kaspersky for my AntiVirus needs because they are the best.

Score: 0

|
Post Reply
beta_animal
Oct 4, 2005 - 6:11 PM

http://www.kaspersky.com/news?id=171512144

Wouldn't it be nice if Microsoft "Highly Critical" vulnerabilities were dealt with this quickly? Reported October 4. New virus definitions released October 4.

Score: 0

|
Post Reply
JSDvs9172
Oct 4, 2005 - 8:23 PM edited

Very true. However you have to remember that frequent updates did cause confusion for customers in Microsoft's case, hence we got "Patch Tuesday." But aside from that, who knows? (Although the delay does provide for adequate "quality-check time," and Microsoft DOES break cycle on patches if it's an emergency...)

Score: 0

|
Post Reply

Audiovox flashback features Elvis and rabbit-ears

Elvis! The season's first sighting of the King occurred at the Audiovox press...

Live from the Cisco press conference at CES 2009

Known worldwide as an infrastructure company, Cisco now plays a bigger role...

Toshiba focuses on mid-range DTV for everyone

Toshiba's press conference at CES 2009 this morning featured announcements in...

LG unleashes its annual flood of announcements

Holding down its traditional CES-opening spot at 8:00 am, LG on Wednesday ran...

Netgear debuts a BitTorrent-enabled set-top box

The first of NetGear's three big product announcements at CES this morning is...

Live from the LG press conference at CES 2009

Speaking to an overflow crowd in Las Vegas Wednesday morning, executives from...

CES Unveiled event provides a high-energy opener

If CES is a banquet, CES Unveiled -- the opening press event -- is like a...

Going green with iGo by eliminating 'vampire power'

At CES this week, iGo will introduce a surge protector, a laptop charger, and...

Pocket-sized music player / mixer to make North American debut

This week's CES show will mark the North American rollout of a handheld...

PowerMat intros an innovative battery charger

At CES this week, a company called "The Power Mat" will roll out a slick...

First look at Novatel's MiFi wireless hotspot

At the CES Unveiled press event tonight, Novatel Wireless gave a first look...

New Asus netbooks will feature Windows 7

UPDATED At a press conference at CES 2009 Tuesday evening, Asus introduced...

Bargain-basement Blu-ray

The notebook PC is king

How green is your CE?

Live commentary from CES 2009 events

IPTV in your HDTV

Netbooks take center stage