Security experts at the Imaginary team discovered a heap buffer overflow vulnerability in the Kaspersky Antivirus Engine.
The flaw tracked as CVE-2019-8285 affects Kaspersky Lab Antivirus Engine version before
“Kaspersky Anti-Virus Engine is prone to a
“Attackers can exploit this issue to execute arbitrary code within the context of the application. Given the nature of this issue, attackers may also be able to cause a denial-of-service condition, but this has not been confirmed.”
The heap buffer overflow vulnerability received a CVSSv3 score of 8.0.
According to the security advisory published by Kaspersky Lab, the issue could potentially allow third parties to remotely execute arbitrary code on a user’s PC with system privileges.
Kaspersky deployed the fix to Kaspersky Lab customers on 4th April, 2019 through a product update.
“This issue was classified as heap-based buffer overflow vulnerability. Memory corruption during JS file scan could lead to execution of arbitrary code on a user machine,” reads the advisory published by Kaspersky Lab.