Security experts at the Imaginary team discovered a Heap Buffer Overflow vulnerability in Kaspersky Antivirus Engine.
The flaw tracked as CVE-2019-8285 affects Kaspersky Lab Antivirus Engine version before 04.apr.2019 and potentially allows arbitrary code execution.
“Kaspersky Anti-Virus Engine is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data.” reads the security advisory,
“Attackers can exploit this issue to execute arbitrary code within the context of the application. Given the nature of this issue, attackers may also be able to cause a denial-of-service condition, but this has not been confirmed.”
The heap buffer overflow vulnerability received a CVSSv3 Score 8.0.
According to the security advisory published by Kaspersky Lab the issue could potentially allow third-parties to remotely execute arbitrary code on a user’s PC with system privileges.
Kaspersky deployed the fix to Kaspersky Lab customers on 4th April, 2019 through a product update.
“This issue was classified as heap-based buffer overflow vulnerability. Memory corruption during JS file scan could lead to execution of arbitrary code on a user machine.” reads the advisory published by Kaspersky Lab.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Kaspersky Antivirus, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of…
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can…
Researchers released an exploit code for the actively exploited vulnerability CVE-2024-3400 in Palo Alto Networks'…
This website uses cookies.