Last week, an information security engineer working at Google informed Kaspersky Lab of a buffer overflow flaw affecting versions 2015 and 2016 of its antivirus products, and the company released a patch within 24 hours to address the problem.
Tavis Ormandy tweeted about the exploit on 5th September, with a screenshot showing Windows Calculator running under the Kaspersky antivirus process. Opening calc.exe from a different process is a commonly used method of demonstrating a successful code execution exploit.
It simply means that if an application contains a flaw that lets an attacker execute calc.exe, the application can be used as a platform to execute any malicious code.
A representative of Kaspersky Lab said the vulnerability was a buffer overflow and was patched within 24 hours of being reported. The patch was distributed to all customers via automatic update.
Ormandy tweeted again on 7th September that he had sent more vulnerabilities to Kaspersky to investigate, although there is still no information about the exploitability of these bugs.
“Kaspersky Lab has always supported the assessment of our solutions by independent researchers. Their ongoing efforts help us to make our solutions stronger, more productive and more reliable,” Kaspersky Lab said.
Mr. Ormandy has a strong reputation for finding security vulnerabilities in security products. Last June, he found a remote command execution vulnerability in ESET products. In 2014, he found a flaw enabling hackers to disable Microsoft anti-malware products, and in 2012 he found critical vulnerabilities in Sophos antivirus.
About the Author
Ali Taherian (@ali_taherian) is an enthusiastic information security officer. He has finished his education in information security and has recently been involved in the banking software and payment security industry. Taherian is proud to be a certified IBM Cloud Computing Solution Advisor and ECSA, and enjoys sharing and tweeting about security advances and news.
Edited by Pierluigi Paganini
(Security Affairs – Kaspersky, buffer overflow)