Hole found in Kaspersky anti-virus software

Kaspersky Labs is investigating a reported flaw in its anti-virus software that potentially allows remote attackers to take over a user’s machine.

Antony Savvas
Published: 04 Oct 2005 13:02

Kaspersky Labs is investigating a reported flaw in its anti-virus software that potentially allows remote attackers to take over a user’s machine.

The flaw has been reported by security researcher Alex Wheeler and the French Security Incident Response Team.

The problem is said to lie in an omission in Kaspersky’s anti-virus signature library, and is likely to affect multiple versions of the company’s business and consumer products.

Third-party suppliers that use Kaspersky’s products in packaged systems could also be affected.

A remote attacker can take over users’ machines by sending a malformed compression file to a vulnerable system via e-mail, using a heap overflow technique.

The Kaspersky anti-virus scanner will accept the message and the user’s machine will become infected without any further user interaction.

Kaspersky says it is looking into the flaw.

Read more on IT risk management

All
News
In Depth
Blog Posts
Opinion
Photo Stories
Videos

Latest News

Download Computer Weekly

In The Current Issue:
- Cisco pays $8.6m after whistleblower discloses security flaws in video surveillance system
- AI storage: Machine learning, deep learning and storage needs
- Use Windows 7 end of life to update desktop productivity
Download Current Issue

Latest Blog Posts

How C3M is easing multi-cloud management – Eyes on APAC
IBM floats another cloud strategy – Cliff Saran's Enterprise blog
View All Blogs

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

SearchCIO

Blurring the lines between RPA platforms and APIs

RPA is quickly making itself known in the automation market, but the real game changer is utilizing the technology in an API-rich...
Preparing for a 5G deployment: 5 things CIOs need to do now

Experts discuss the five moves CIOs should be making right now to ensure they are prepared to take hold of 5G as it becomes more ...
New class of cloud security suite promises next-gen protection

Nemertes analyst John Burke points CIOs to a new type of cloud security offering that combines the functions of VPN, cloud ...

SearchSecurity

DevOps security checklist requires proper integration

There are a lot of moving parts to adding security into a DevOps environment. Using application testing DevOps security tools are...
How to identify and evaluate cybersecurity frameworks

Not all frameworks for cybersecurity are equal. ESG's Jon Oltsik explains what attributes make a cybersecurity framework and how ...
Microsoft discovers BlueKeep-like flaws in Remote Desktop Services

Microsoft disclosed four remote code execution flaws in Remote Desktop Services that are similar to BlueKeep, as well as other ...

SearchNetworking

Compare the leading SD-WAN vendors before you buy

This SD-WAN vendor comparison chart is a useful starting point to get information about SD-WAN deployment options, pricing, cloud...
Cisco faces sales slump amid Chinese tariffs, falling SP revenues

Cisco forecast weak revenue growth in the current quarter, as service provider sales fell and product orders were flat. The ...
The top AIOps use cases in network performance management tools

AIOps use cases in network performance management include automating certain network functions, including traffic analysis. But ...

SearchDataCenter

How to get out of a bad colocation contract

Renegotiation, legal action and cancellation are all options if your colocation service agreement isn't up to par. But each ...
5 steps to include on your software update checklist

Training, testing and automation are all essential components to software updates. Implementing these concepts makes version ...
Cray exascale computer to modernize aging nuclear weapon stockpile

The U.S. is buying an exascale system from Cray Inc., its third from the company which is now being acquired by HPE. The $600 ...

SearchDataManagement

AWS Lake Formation goes GA, as cloud data lake market grows

First released in late 2018, AWS Lake Formation is now generally available and it could be the force that helps to accelerate ...
Apollo data graph brings managed federation to enterprises

The new Apollo update is intended to enable organizations to federate multiple enterprise data sets more easily and use APIs to ...
Data management roles: Data architect vs. data engineer, others

Veteran data professional Michael Bowers differentiates between key data management positions, including their salaries and which...

Close