Security experts at the Imaginary team discovered a Heap Buffer Overflow vulnerability in Kaspersky Antivirus Engine.
The flaw tracked as CVE-2019-8285 affects Kaspersky Lab Antivirus Engine version before
“Kaspersky Anti-Virus Engine is prone to a
“Attackers can exploit this issue to execute arbitrary code within the context of the application. Given the nature of this issue, attackers may also be able to cause a denial-of-service condition, but this has not been confirmed.”
The heap buffer overflow vulnerability received a CVSSv3 Score 8.0.
According to the security advisory published by Kaspersky Lab the issue could potentially allow third-parties to remotely execute arbitrary code on a user’s PC with system privileges.
Kaspersky deployed the fix to Kaspersky Lab customers on 4th April, 2019 through a product update.
“This issue was classified as heap-based buffer overflow vulnerability. Memory corruption during JS file scan could lead to execution of arbitrary code on a user machine.” reads the advisory published by Kaspersky Lab.