Info

Disclosure

Oct 03, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in Kapersky Anti-Virus. The 'cab.ppl' engine fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted CAB archive, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Kaspersky Lab has released a patch to address this vulnerability.

Products

Kaspersky Lab	Kaspersky Anti-Virus Personal	5.0
	Kaspersky Anti-Virus Personal Pro	5.0
	Kaspersky Anti-Virus for Windows Workstations	5.0
	Kaspersky Anti-Virus for Windows File Servers	5.0
	Kaspersky Personal Security Suite	1.1

References

Security Tracker: 1014998
Bugtraq ID: 14998
Secunia Advisory ID: 17024
CVE ID: 2005-3142 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0018.html
Generic Informational URL: http://beta.news.com.com/Flaw+found+in+Kaspersky+antivirus/2100-1002_3-5887857.ht ......
Vendor URL: http://www.kaspersky.com/
Vendor Specific Advisory URL: http://www.kaspersky.com/news?id=171512144
Other Advisory URL: http://www.rem0te.com/public/images/kaspersky.pdf

Credit

Alex Wheeler - IBM ISS X-Force

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Kaspersky Lab

Kaspersky Anti-Virus Personal

Kaspersky Anti-Virus Personal Pro

Kaspersky Anti-Virus for Windows Workstations

Kaspersky Anti-Virus for Windows File Servers

Kaspersky Personal Security Suite

References

Credit