Kaspersky Says It's Fixed AV Scanner Flaw
On Monday, a researcher known for spotting bugs in security software disclosed one in Kaspersky's AV engine that attackers could use to take complete control of a PC protected by the company's Windows products. Malformed .cab files -- a format used by Microsoft to hold compressed files on distribution disks and PCs -- can trick Kaspersky's scanning engine into a heap overflow, said Alex Wheeler.
Kaspersky confirmed the vulnerability in an e-mail to TechWeb and said it had already stymied possible exploits by building and releasing a package of signatures that detect them.
"This set of signatures was added to the anti-virus databases of Kaspersky Anti-Virus on September 29, significantly reducing the chances of successful use of the .cab vulnerability exploits," spokesman Alexey Zernov said in the e-mail. He also noted that Wheeler did not publish exploit code, a fact that would make it more difficult for attackers to leverage the vulnerabilities.
Zernov also said that company developers were working on an emergency update that would include changes to the .cab scanning module. Kaspersky will release the fix Wednesday, Oct. 5.
According to Kaspersky, only the Windows versions of its software are vulnerable. They include Kaspersky Anti-Virus Personal 5.0, Kaspersky Anti-Virus Personal Pro 5.0, Kaspersky Anti-Virus 5.0 for Windows Workstations, Kaspersky Anti-Virus 5.0 for Windows File Servers, and Kaspersky Personal Security Suite 1.1.
The company also claimed that since the majority of its OEM partners use an earlier edition of its AV scanning engine, their products are not affected.