Security researchers at the Imaginary team discovered a Heap Buffer Overflow Vulnerability in Kaspersky Antivirus Engine and responsibly reported it.
Security experts at the Imaginary team discovered a Heap Buffer Overflow vulnerability in Kaspersky Antivirus Engine.
The flaw tracked as CVE-2019-8285 affects Kaspersky Lab Antivirus Engine version before 04.apr.2019 and potentially allows arbitrary code execution.
“Kaspersky Anti-Virus Engine is prone to a heap-basedbuffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data.” reads the security advisory,
“Attackers can exploit this issue to execute arbitrary code within the context of the application. Given the nature of this issue, attackers may also be able to cause a denial-of-service condition, but this has not been confirmed.”
The heap buffer overflow vulnerability received a CVSSv3 Score 8.0.
According to the security advisory published by Kaspersky Lab the issue could potentially allow third-parties to remotely execute arbitrary code on a user’s PC with system privileges.
Kaspersky deployed the fix to Kaspersky Lab customers on 4th April, 2019 through a product update.
“This issue was classified as heap-based buffer overflow vulnerability. Memory corruption during JS file scan could lead to execution of arbitrary code on a user machine.” reads the advisory published by Kaspersky Lab.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.