Hole found in Kaspersky anti-virus software
Kaspersky Labs is investigating a reported flaw in its anti-virus software that potentially allows remote attackers to take over a user’s machine.
Kaspersky Labs is investigating a reported flaw in its anti-virus software that potentially allows remote attackers to take over a user’s machine.
The flaw has been reported by security researcher Alex Wheeler and the French Security Incident Response Team.
The problem is said to lie in an omission in Kaspersky’s anti-virus signature library, and is likely to affect multiple versions of the company’s business and consumer products.
Third-party suppliers that use Kaspersky’s products in packaged systems could also be affected.
A remote attacker can take over users’ machines by sending a malformed compression file to a vulnerable system via e-mail, using a heap overflow technique.
The Kaspersky anti-virus scanner will accept the message and the user’s machine will become infected without any further user interaction.
Kaspersky says it is looking into the flaw.
Read more on IT risk management
-
![]()
Kaspersky shuts down data-processing activities in Russia
By: Alex Scroxton
-
![]()
Coronavirus: Kaspersky, Bitdefender make products free to NHS
By: Alex Scroxton
-
![]()
Kaspersky eyes enterprise business, opens APAC transparency hub
By: Edwin Yapp
-
![]()
Barclays Bank stops offering Kaspersky software to new users
By: Karl Flinders
