Compressed archive files are time and again a source of vulnerabilities in virus scanners. Alex Wheeler has been examining anti-virus products for such vulnerabilities for some months and has already found them several times. Now Wheeler has found an error in a program library used by several Kaspersky products, which can be exploited through specially prepared CAB files.
The error is caused by an internal copy routine in the program, which can produce a buffer overflow. If an attacker supplies a CAB archive crafted to match it, he can exploit this error without the user having to do anything further. He could, for instance, send such a file as an e-mail attachment.
If the CAB file is examined by a vulnerable virus scanner, the error is triggered. The attacker can thereby inject additional program code and have it executed. This program code could potentially give complete control of the affected computer.
According to a statement from the manufacturer, the Windows versions of "Kaspersky Anti-Virus" are affected from version 5.0 onward. The problem may also affect anti-virus software from other vendors that use a licensed version of Kaspersky's scan technology. Potential candidates are, for example, AVK from G-Data, F-Secure, or eScan from MicroWorld.
According to Kaspersky Lab, however, most of these products are not affected, since they do not contain the vulnerable module. According to the manufacturer, Kaspersky products for Linux and Unix should also not be open to attack in this way.
As a first measure, Kaspersky Lab has already built signatures into the current updates that recognize CAB files which could exploit this vulnerability. These also protect the products of third-party vendors. A program update that replaces the vulnerable module should become available in the course of 5 October.