430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Heap Buffer Overflow Vulnerability found in Kaspersky Antivirus Engine

Security researchers at the Imaginary team discovered a Heap Buffer Overflow Vulnerability in Kaspersky Antivirus Engine and responsibly reported it. Security experts at the Imaginary team discovered a Heap Buffer Overflow vulnerability in Kaspersky Antivirus Engine. The flaw tracked as CVE-2019-8285 affects Kaspersky Lab Antivirus Engine version before 04.apr.2019 and potentially allows arbitrary code execution. […]

Kaspersky Antivirus Engine

Security researchers at the Imaginary team discovered a Heap Buffer Overflow Vulnerability in Kaspersky Antivirus Engine and responsibly reported it.

Security experts at the Imaginary team discovered a Heap Buffer Overflow vulnerability in Kaspersky Antivirus Engine.

The flaw tracked as CVE-2019-8285 affects Kaspersky Lab Antivirus Engine version before 04.apr.2019 and potentially allows arbitrary code execution.

“Kaspersky Anti-Virus Engine is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied data.” reads the security advisory,

“Attackers can exploit this issue to execute arbitrary code within the context of the application. Given the nature of this issue, attackers may also be able to cause a denial-of-service condition, but this has not been confirmed.”

The heap buffer overflow vulnerability received a CVSSv3 Score 8.0. 

Kaspersky Antivirus Engine

According to the security advisory published by Kaspersky Lab the issue could potentially allow third-parties to remotely execute arbitrary code on a user’s PC with system privileges.

Kaspersky deployed the fix to Kaspersky Lab customers on 4th April, 2019 through a product update.

“This issue was classified as heap-based buffer overflow vulnerability. Memory corruption during JS file scan could lead to execution of arbitrary code on a user machine.” reads the advisory published by Kaspersky Lab. 

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Kaspersky Antivirus, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]