The Channel logo

News

By | John Leyden 4th October 2005 19:40

Kaspersky in heap-based buffer overflow vuln

Oh no! Not the heap-based buffer overflow vuln!

Users of Kaspersky anti-virus were warned this week of a potentially serious security vulnerability. The bug - unearthed by security researcher Alex Wheeler - involves a heap-based buffer overflow vulnerability related to the processing of malformed CAB archives.

This security defect might be exploited to allows arbitrary code execution when a malicious CAB archive is scanned, thereby compromising vulnerable systems.

Kaspersky version 5.0 users are confirmed to be at risk. Other versions - including security products that incorporate Kasperky's anti-virus scanning technology - might also be affected. However, this latter risk is unlikely to be much of a problem since most of Kasperky's security partners use older versions of the firm anti-virus engine that are immune from the defect. Likewise, individual users of Kaspersky version 4.5 are not at risk.

Kaspersky is keen to calm possible security concerns. "No attempts to create and distribute [CAB vulnerability] exploits have been recorded to date," it said. Kaspersky has released a package of signatures that detect possible exploits of the vulnerability as a workaround. A more comprehensive fix due to be rolled out through the Russian developer's regular update mechanism on 5 October.

Anti-virus products designed to keep users safe from virus attacks have themselves recently become an increasing source of security bugs. In recent months security vendor ISS has issued alerts over similar but distinct vulnerabilities in various security packages from Symantec, involving the processing of UPX compressed files; and anti-virus products from F-Secure and Trend Micro, both involving the handling of ARJ archive files.

ISS has also unearthed a glitch with McAfee security software involving the processing of LHA files, while Wheeler found a glitch with anti-virus products from UK developer Sophos in July. ®

alert Send corrections

Opinion

Woman cuddles 'sly-looking' Fennec fox. Photo by Shutterstock
Cartoon of employee asking wky boss makes hium wear suspenders (while pincer through open trapdoor remains poised above his head) illustration by Cartoon resource for Shutterstock

Frank Jennings

It's not like my boss painstakingly nurtured the contacts, right?

Features

Girl and computer, photo via Shutterstock
Middle-class terror of engineering also part of problem
Nerd fail photo via Shutterstock
Shouting match
Single market vs. rest of the world