
A warning has been released about an already patched security flaw in Kaspersky antivirus.

In short, the vulnerability was patched and users should apply the patch or there could be problems.


Discovered by German cybersecurity agency BSI, the flaw lets attackers simply send a malicious email containing a crafted file to their targets and, in some cases, this file “doesn’t even need to be opened.”

CVE-2019-8285, a heap-based buffer overflow vulnerability that potentially allows remote execution of arbitrary code, was fixed by Kaspersky last month.


Kaspersky said only systems with antivirus databases released before April 4 were vulnerable.

The patch has already been released through the built-in update system of Kaspersky products, so if automatic updates are enabled, your device should be secure.

All Kaspersky products with an antivirus database are affected by the vulnerability, a Kaspersky advisory said.

The vulnerability could be leveraged by having the Kaspersky security product scan a crafted JS file, which can help an attacker achieve remote code execution and eventually take control of the target device.
