Title: Kaspersky Antivirus Engine ARJ Archive Remote Heap Overflow Vulnerability
Severity: CRITICAL
Description:
The Kaspersky Anti-Virus Engine is the core antivirus software used in Kaspersky security tools for Microsoft Windows.
The software is prone to a remote heap-overflow vulnerability because it fails to perform sufficient boundary checks on user-supplied data before copying it into an insufficiently sized buffer. Specifically, this issue occurs when the engine handles malformed ARJ archives.
An attacker could leverage this issue to execute arbitrary code with SYSTEM-level privileges. A successful exploit could result in the complete compromise of affected computers.
Affected Products:
- Kaspersky Anti-Virus 6.0
- Kaspersky Internet Security 6.0
References:
- Kaspersky: 3 vulnerabilities fixed in Kaspersky Anti-Virus for Workstation, File Server ver
- Kaspersky: Kaspersky Anti-Virus 6.0, Kaspersky Internet Security 6.0 - 5 vulnerabilities fi
- Kaspersky Labs: Kaspersky Internet Security Product Page
- Zero Day Initiative (ZDI): ZDI-07-013: Kaspersky AntiVirus Engine ARJ Archive Parsing Heap Overflow
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
