Kaspersky laid low by antivirus software hole

Kaspersky laid low by antivirus software hole

Kaspersky Lab has been hit by a security bug affecting a wide range of its antivirus products. The bug isn't limited to a particular platform, and can be exploited through several common protocols to take over a protected system.

Separately, security vendors warned that exploit code has begun circulating publicly for an unpatched flaw in Microsoft Office that was first disclosed in April. The exploit makes it easier for attackers to take advantage of the hole, which, like the Kaspersky flaw, could allow attackers to take over a system.

Meanwhile, Cisco is touting a new system designed to offer quick fixes for new vulnerabilities 15 minutes after the security community discovers them.

The Kaspersky flaw is in an antivirus Library used to parse CAB files. It could be exploited via protocols such as SMTP, SMB, HTTP and FTP, according to an advisory from Alex Wheeler, who discovered the flaw.

The problem has been confirmed in version of the CAB scanning library, and probably affects other versions as well, security researchers said. The products affected include Kaspersky antivirus 4.x, Kaspersky antivirus 5.x and Kaspersky SMTP-Gateway 5.x.

"Due to the library's OS-independent design and core functionality, it is likely this vulnerability affects a substantial portion of Kaspersky's gateway, server, and client antivirus enabled product lines on most platforms," Wheeler said in the advisory.

No official patch is yet available, according to researchers. FrSIRT, the French Security Incident Response Team, said the flaw was "critical".

The Office exploit is circulating as a Microsoft Access file, which, when run, can take over a system. Microsoft said it is aware of the flaw and is considering issuing a patch. The bug is a memory handling error in the Microsoft Jet Database Engine and can be triggered by parsing database files, according to security vendor Secunia.

Cisco is better known as the dominant enterprise networking company, but has launched an Incident Control System (ICS) linked to Trend Micro's TrendLabs research service.

Cisco's ICS appliance, to be available this month, will get a quick policy-based fix for newly discovered vulnerabilities and attacks within 15 minutes of their detection by TrendLabs, Cisco said. A more fine-tuned fix is to be distributed after 90 minutes.

Cisco said it will first roll out the appliance in manual mode, allowing administrators to choose whether to implement any given quick-fix. Some policy changes could disrupt corporate networks by, for example, blocking important ports, Cisco said.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


ARN Innovation Awards 2022

Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.

EDGE 2022

EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.

Show Comments