Kaspersky Labs is investigating a reported flaw in its
anti-virus software that potentially allows remote attackers to
take over a user’s machine.
The flaw has been reported by security researcher Alex Wheeler
and the French Security Incident Response Team.
The problem is said to lie in an omission in Kaspersky’s
anti-virus signature library, and is likely to affect multiple
versions of the company’s business and consumer products.
Third-party suppliers that use Kaspersky’s products in packaged
systems could also be affected.
A remote attacker can take over users’ machines by sending a
malformed compression file to a vulnerable system via e-mail, using
a heap overflow technique.
The Kaspersky anti-virus scanner will accept the message and the
user’s machine will become infected without any further user
interaction.
Kaspersky says it is looking into the flaw.
