Apr 10, 2007

[Security] Two Kaspersky Vulnerabilities

Two vulnerabilities in Kaspersky security products have been disclosed by iDefense.

There is a heap overflow vulnerability in Kaspersky Internet Security Suite. This vulnerability allows remote code execution.

Kaspersky's response is here.

An information disclosure vulnerability has been discovered in Kaspersky Antivirus (version 6). This vulnerability could allow malicious Web sites to obtain files from a user's computer. The danger is that no dialog or warning window is shown when a malicious script starts a file transfer.

Kaspersky's response for this vulnerability is here.

Kaspersky users are advised to install Maintenance Pack 2 to patch these vulnerabilities.

NOTE: Remote code execution occurs when an outsider is able to execute a program on a remote computer through holes in that computer, whether vulnerabilities or backdoors. Information disclosure occurs when a vulnerable application allows an outsider to obtain or steal information.
