A warning has been issued about an already patched security flaw in Kaspersky antivirus.
In short, the vulnerability was patched and users should apply the patch or there could be problems.
The flaw was discovered by German cybersecurity agency BSI. Attackers can just send a malicious email containing a crafted file to their targets and, in some cases, this file “doesn’t even need to be opened.”
CVE-2019-8285, a heap-based buffer overflow vulnerability that potentially allows remote execution of arbitrary code, was fixed by Kaspersky last month.
Kaspersky said only systems with antivirus databases released before April 4 were vulnerable.
The patch has already been released through the built-in update system of Kaspersky products, so if automatic updates are enabled, your device should be secure.
All Kaspersky products with antivirus databases are affected by the vulnerability, according to a Kaspersky advisory.
The vulnerability could be exploited by having the Kaspersky security product scan a crafted JS file, which can help an attacker achieve remote code execution and eventually take control of the target device.