Flaw found in Kaspersky antivirus

A "critical" flaw in Kaspersky Lab's antivirus software could let an attacker commandeer systems that use the products, a security researcher warned Monday.

The problem lies in Kaspersky's antivirus library, security researcher Alex Wheeler wrote in an advisory (download PDF of advisory here). The vulnerability likely affects multiple Kaspersky products on various platforms because the library is used throughout the company's consumer and corporate software, he said.

Additionally, third-party products that use Kaspersky's antivirus technology could also be vulnerable, Wheeler said.

A remote attacker could exploit the heap overflow flaw by sending a malformed CAB file--a compression file--to a vulnerable system, the French Security Incident Response Team said in an advisory. The CAB file could be sent in an e-mail, for example, and once the Kaspersky antivirus scanner had accepted it, the malicious code would be in the system. No user interaction is required, Wheeler said. FrSirt describes the issue as "critical," its highest rating.

A representative for Kaspersky in Moscow could not immediately comment on the issue and said that the Russian company would need to investigate.

Antivirus software is like low-hanging fruit to hackers, Yankee Group analysts wrote in a research paper released earlier this year. As the pool of easily exploitable security bugs in Microsoft Windows dries up, attackers are looking to security software for holes to get into systems, the analysts said.

At the Black Hat Briefings security conference this summer, researchers at Internet Security Systems outlined vulnerabilities in antivirus products. ISS has discovered bugs in products from security software makers including Symantec, McAfee, Trend Micro and F-Secure.

Just trying to kill the concurent!

If u have even very basic software knowledge and windows security, u understand that if u run anything on ur machine having Administrator privileges this program/software can do anything with ur PC. So if u are stupid enough to get libraries from some unknown person and replace ur current one with it how come it is only a problem of Kaspersky antivirus. If u replace library of Norton Or McKaffy antivirus u ll get exactly the same result, dont u? So why is this guy screaming about a hole in Kaspersky antivirus only? Maybe he was paid to stop this software from spreading. U know, most people dont know a lot of how it works but it will stay in their minds that kaspersky is bad. This is just a cheap trick to kill the concurrent company!

[peaceguy]

Exactly, my friend...

You said a mouthful, amigo. You put the cards on the table. There is definitely something fishy going on here...

And thank you CNet, for spreading FUD, without at least mentioning in your story what this fellow is referring to...

[Greg_E_FB]

The library refered by the researchers are the library used by KAV, probably one of those DLL's bundled with Kaspersky products. There could be flaws/bugs which can be exploited if you design a crafted .CAB file. If KAV will scan a malicious .CAB which was created specificially to exploit the KAV bug, then your machine is compromised. No interaction is needed because KAV will scan any .CAB files entering your machine.

Just trying to kill the concurent!

If u have even very basic software knowledge and windows security, u understand that if u run anything on ur machine having Administrator privileges this program/software can do anything with ur PC. So if u are stupid enough to get libraries from some unknown person and replace ur current one with it how come it is only a problem of Kaspersky antivirus. If u replace library of Norton Or McKaffy antivirus u ll get exactly the same result, dont u? So why is this guy screaming about a hole in Kaspersky antivirus only? Maybe he was paid to stop this software from spreading. U know, most people dont know a lot of how it works but it will stay in their minds that kaspersky is bad. This is just a cheap trick to kill the concurrent company!

[peaceguy]

Exactly, my friend...

You said a mouthful, amigo. You put the cards on the table. There is definitely something fishy going on here...

And thank you CNet, for spreading FUD, without at least mentioning in your story what this fellow is referring to...