The Channel logo


By | John Leyden 4th October 2005 19:40

Kaspersky in heap-based buffer overflow vuln

Oh no! Not the heap-based buffer overflow vuln!

Users of Kaspersky anti-virus were warned this week of a potentially serious security vulnerability. The bug - unearthed by security researcher Alex Wheeler - involves a heap-based buffer overflow vulnerability related to the processing of malformed CAB archives.

This security defect might be exploited to allows arbitrary code execution when a malicious CAB archive is scanned, thereby compromising vulnerable systems.

Kaspersky version 5.0 users are confirmed to be at risk. Other versions - including security products that incorporate Kasperky's anti-virus scanning technology - might also be affected. However, this latter risk is unlikely to be much of a problem since most of Kasperky's security partners use older versions of the firm anti-virus engine that are immune from the defect. Likewise, individual users of Kaspersky version 4.5 are not at risk.

Kaspersky is keen to calm possible security concerns. "No attempts to create and distribute [CAB vulnerability] exploits have been recorded to date," it said. Kaspersky has released a package of signatures that detect possible exploits of the vulnerability as a workaround. A more comprehensive fix due to be rolled out through the Russian developer's regular update mechanism on 5 October.

Anti-virus products designed to keep users safe from virus attacks have themselves recently become an increasing source of security bugs. In recent months security vendor ISS has issued alerts over similar but distinct vulnerabilities in various security packages from Symantec, involving the processing of UPX compressed files; and anti-virus products from F-Secure and Trend Micro, both involving the handling of ARJ archive files.

ISS has also unearthed a glitch with McAfee security software involving the processing of LHA files, while Wheeler found a glitch with anti-virus products from UK developer Sophos in July. ®

alert Send corrections


George Osborne, photo: HM Treasury
shutterstock_183801788_container ship

Chris Mellor

The SAN growth glory days are well and truly over, so where next?

Tom Whipp

Insurance industry insider tells all
Crypto fingers


Michael Dell. Pic by Joi Ito
Cool Texas dude is just your average billionaire
The Seeing Eye by Valerie Everett, Flickr, CC2.0
Follow the money – or, at least, our projections
Boats storm girl photo via Nikolina Mrakovic
The puppets from Team America: World Police gather at a bar for drinks.