Users login

Create an account »


Users login

Home » Hacking News » Kaspersky compromised again

Kaspersky compromised again

by Nikola Strahija on October 12th, 2005 Security researchers have uncovered another serious breach in Kaspersky's Anti-Virus Engine (KAV).

The Kaspersky bug, disclosed by iDefense, affects the component of KAV used to parse CHM files. In Linux versions of KAV, a corrupt CHM file can trigger a buffer overflow and allow malicious code execution, with no user interaction required. In Windows installations such a file only disables the virus scanner, but this could allow for further attacks by allowing malicious code to bypass security systems.

KAV is widely used on Linux and Windows in scanners at network gateways and on individual hosts. The engine is widely licensed, but iDefense only confirmed the vulnerability in F-Secure Anti-Virus for Linux 4.50. The bug was also confirmed in Kaspersky Personal 5.0.227 and Kaspersky Anti-Virus On-Demand Scanner for Linux 5.0.5. -All products utilizing the Kaspersky Anti-Virus engine are potentially vulnerable," iDefense said in its advisory.

IDefense said it notified Kaspersky of the problem several months ago, and the company says it has addressed the issue via a signature update as of July 2005. Independent security researcher Secunia gave the flaw a "highly critical" rating.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »