The Channel logo

News

By | John Leyden 4th October 2005 19:40

Kaspersky in heap-based buffer overflow vuln

Oh no! Not the heap-based buffer overflow vuln!

Users of Kaspersky anti-virus were warned this week of a potentially serious security vulnerability. The bug - unearthed by security researcher Alex Wheeler - involves a heap-based buffer overflow vulnerability related to the processing of malformed CAB archives.

This security defect might be exploited to allows arbitrary code execution when a malicious CAB archive is scanned, thereby compromising vulnerable systems.

Kaspersky version 5.0 users are confirmed to be at risk. Other versions - including security products that incorporate Kasperky's anti-virus scanning technology - might also be affected. However, this latter risk is unlikely to be much of a problem since most of Kasperky's security partners use older versions of the firm anti-virus engine that are immune from the defect. Likewise, individual users of Kaspersky version 4.5 are not at risk.

Kaspersky is keen to calm possible security concerns. "No attempts to create and distribute [CAB vulnerability] exploits have been recorded to date," it said. Kaspersky has released a package of signatures that detect possible exploits of the vulnerability as a workaround. A more comprehensive fix due to be rolled out through the Russian developer's regular update mechanism on 5 October.

Anti-virus products designed to keep users safe from virus attacks have themselves recently become an increasing source of security bugs. In recent months security vendor ISS has issued alerts over similar but distinct vulnerabilities in various security packages from Symantec, involving the processing of UPX compressed files; and anti-virus products from F-Secure and Trend Micro, both involving the handling of ARJ archive files.

ISS has also unearthed a glitch with McAfee security software involving the processing of LHA files, while Wheeler found a glitch with anti-virus products from UK developer Sophos in July. ®

alert Send corrections

Opinion

WWI French tank picture via Shutterstock
Vinod_Khosla

Chris Mellor

A VC with startup agenda slams established suppliers. Surprised? Neither were we
ZenPad_RealRacing
Boy writes a letter to Santa. Pic via Shutterstock

Kat Hall

Cornwall's win over BT should be a cautionary relationship tale

Features

Eclipse image via Shutterstock
The Azure Portal: Microsoft is betting on cloud for its future business
container_ship_hamburg_shutterstock_648
Michael Dell. Pic by Joi Ito
Cool Texas dude is just your average billionaire