Critical Flaw Discovered in Kaspersky Antivirus Engine that Allows Arbitrary Code Execution

latest trends in cyber security

Security researchers have discovered a heap overflow flaw in Kaspersky antivirus engine which allows arbitrary code execution.

The flaw tracked as CVE-2019-8285 was discovered by security researchers at Imaginary team.

According to the security advisory, the flaw is because it fails to perform adequate boundary checks on user-supplied data.

“Attackers can exploit this issue to execute arbitrary code within the context of the application. Given the nature of this issue, attackers may also be able to cause a denial-of-service condition, but this has not been confirmed.” said in the advisory

The flaw could allow third parties to remotely execute arbitrary code on the victims PC with system privileges.

“This issue was classified as heap-based buffer overflow vulnerability. Memory corruption during JS file scan could lead to execution of arbitrary code on a user machine.” said in the security advisory published Kaspersky labs.

The vulnerability received a CVSSv3 Score of 8.0 and all Kaspersky products with antivirus databases are affected by the flaw.

Kaspersky patched the flaw through a product update on 4th April 2019.

For the latest cyber threats and the latest hacking news please follow us on FacebookLinkedin and Twitter.

You may be interested in reading: New Emotet Trojan Variant Uses Compromised Devices as Proxy C&C Servers


Please rate this content