The Channel logo

News

By | John Leyden 4th October 2005 19:40

Kaspersky in heap-based buffer overflow vuln

Oh no! Not the heap-based buffer overflow vuln!

Users of Kaspersky anti-virus were warned this week of a potentially serious security vulnerability. The bug - unearthed by security researcher Alex Wheeler - involves a heap-based buffer overflow vulnerability related to the processing of malformed CAB archives.

This security defect might be exploited to allows arbitrary code execution when a malicious CAB archive is scanned, thereby compromising vulnerable systems.

Kaspersky version 5.0 users are confirmed to be at risk. Other versions - including security products that incorporate Kasperky's anti-virus scanning technology - might also be affected. However, this latter risk is unlikely to be much of a problem since most of Kasperky's security partners use older versions of the firm anti-virus engine that are immune from the defect. Likewise, individual users of Kaspersky version 4.5 are not at risk.

Kaspersky is keen to calm possible security concerns. "No attempts to create and distribute [CAB vulnerability] exploits have been recorded to date," it said. Kaspersky has released a package of signatures that detect possible exploits of the vulnerability as a workaround. A more comprehensive fix due to be rolled out through the Russian developer's regular update mechanism on 5 October.

Anti-virus products designed to keep users safe from virus attacks have themselves recently become an increasing source of security bugs. In recent months security vendor ISS has issued alerts over similar but distinct vulnerabilities in various security packages from Symantec, involving the processing of UPX compressed files; and anti-virus products from F-Secure and Trend Micro, both involving the handling of ARJ archive files.

ISS has also unearthed a glitch with McAfee security software involving the processing of LHA files, while Wheeler found a glitch with anti-virus products from UK developer Sophos in July. ®

alert Send corrections

Opinion

frustration_anger_irritation_annoyance pain

Felipe Costa

Pressure to perform for stock market bearing down on disties
Columns of coins in the cloud

Michael Cote

Anything that simple to use has got to be complex to set up
Internet of Things

Gavin Clarke

This time, Larry's Oracle is going after the networking giants

Features

No email? No CRM? No Daily Mail iPad edition? You need a plan
Sinofsky's hybrid strategy looks dafter than ever
Failure to crack next-gen semiconductors threatens to set back humanity
SMEs get lip service - what they need is dinner at the Club