If at first you don't succeed; call it version 1.0
Thursday, 06 October 2005

According to some messages on the Kaspersky website's forums, there should be a security update available for the "Windows workstations" version of the Anti-Virus. The updated version is 5.0.227.

Yesterday, Kaspersky published a response to the advisory, claiming they released an update to their Anti-Virus signatures that should handle exploitation of the CAB engine vulnerability. They also promised to release an engine update that will plug the security hole.

Thursday, 06 October 2005 08:09:14 UTC | Comments [0] | Security#
Monday, 03 October 2005

A new critical vulnerability was found in the Kaspersky Antivirus engine.
According to the advisory, the vulnerability is a heap overflow in the CAB file format parsing engine, which can be exploited remotely when a user receives a specially crafted CAB file through email or while surfing the web.
There is still no response from the vendor about this issue.
As this advisory includes a Proof of Concept, a malicious exploit will surely arrive soon.
My recommendation to all Kaspersky Antivirus users is to disable CAB file monitoring for now, by modifying the Real Time Protection settings, until a patch is available.

To disable Kaspersky CAB file monitoring:
1) Double-click the Kaspersky icon in the system tray.
2) Click the "Settings" tab.
3) Click the "modify real time settings" link.
4) In the opened window, click the "Additional settings" button.
5) In the opened window, click the "Details" button.
6) In the opened window, check the "Objects" checkbox under the "Exclude from scan" section, and click the "Modify" button, which is now enabled.
7) In the opened window, click the "Add" button.
8) In the opened window, type "*.cab" and click the "Open" button.
9) Click the "OK" button, then click "OK" again.
10) Click the "E-mail" tab.
11) Repeat steps 5-9 to disable monitoring of CAB files in email attachments.

After the patch for this security hole is available and installed, make sure you restore the default settings by clicking the "restore default settings" link under the "Settings" tab.

Monday, 03 October 2005 22:58:48 UTC | Comments [0] | Security#
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.