If at first you don't succeed; call it version 1.0
Monday, 03 October 2005

A new critical vulnerability was found in the Kaspersky Antivirus engine.
According to the advisory, the vulnerability is a heap overflow in the CAB file format parsing engine, which can be exploited remotely when a specially crafted CAB file is received through email or while surfing the web.
There is still no response from the vendor about this issue.
As this advisory includes a Proof of Concept, a malicious exploit will surely arrive soon.
My recommendation to all Kaspersky Antivirus users is to disable CAB file monitoring for now, by modifying the Real Time Protection settings, until a patch is available.

To disable Kaspersky CAB file monitoring:
1) Double-click the Kaspersky icon in the system tray.
2) Click the "Settings" tab.
3) Click the "modify real time settings" link.
4) In the opened window, click the "Additional settings" button.
5) In the opened window, click the "Details" button.
6) In the opened window, check the "Objects" checkbox under the "Exclude from scan" section, and click the now-enabled "Modify" button.
7) In the opened window, click the "Add" button.
8) In the opened window, type "*.cab" and click the "Open" button.
9) Click the "OK" button, and then the "OK" button again.
10) Click the "E-mail" tab.
11) Repeat steps 5-9 to disable monitoring of CAB files in email attachments.

After the patch for this security hole is available and installed, make sure you restore the default settings by clicking the "restore default settings" link under the "Settings" tab.
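
The exclusion in step 8 is a file-name mask, so while it is in place it helps to know which files in a download or attachment folder really are cabinets, whatever they are called. The script below is an added example, not part of the original post or of any Kaspersky tooling: it recognises cabinets by their `MSCF` signature and reads the fixed CFHEADER fields. The function names and the constructed sample are assumptions made for this example.

```python
import struct
import sys
from pathlib import Path

CAB_MAGIC = b"MSCF"
# Fixed part of CFHEADER (little-endian, 36 bytes): signature, reserved1,
# cbCabinet, reserved2, coffFiles, reserved3, versionMinor, versionMajor,
# cFolders, cFiles, flags, setID, iCabinet
CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")


def inspect_cab(head, size):
    """Return None if `head` is not a cabinet header, else a dict of header facts.
    `head` is the first bytes of the file, `size` its real length on disk."""
    if len(head) < CFHEADER.size or head[:4] != CAB_MAGIC:
        return None
    (_, _, cb_cabinet, _, coff_files, _, ver_minor, ver_major,
     folders, files, _, _, _) = CFHEADER.unpack(head[:CFHEADER.size])
    notes = []  # inconsistencies worth a manual look, not proof of malice
    if cb_cabinet > size:
        notes.append("declared size exceeds file size")
    if not CFHEADER.size <= coff_files < size:
        notes.append("file table offset out of range")
    return {"version": f"{ver_major}.{ver_minor}", "folders": folders,
            "files": files, "notes": notes}


def find_cabs(root):
    """Yield (path, info) for every file under root whose content starts with MSCF."""
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        with path.open("rb") as fh:
            head = fh.read(CFHEADER.size)
        info = inspect_cab(head, path.stat().st_size)
        if info is not None:
            yield path, info


def sample_cab(total=64, declared=None, coff_files=44):
    """Constructed sample: a header-only cabinet image padded with zeros."""
    cb = total if declared is None else declared
    head = CFHEADER.pack(CAB_MAGIC, 0, cb, 0, coff_files, 0, 3, 1, 1, 1, 0, 0, 0)
    return head + bytes(total - len(head))


if __name__ == "__main__":
    # Usage: python find_cabs.py <folder>   (defaults to the current folder)
    for path, info in find_cabs(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, info)
```

It only checks the start of each file, so a cabinet embedded inside another container (a self-extracting executable, for instance) is not reported.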


Monday, 03 October 2005 22:58:48 UTC | Security