Security Affairs
Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Tough weekend for Kaspersky patching a buffer overflow vulnerability

Last week, Kaspersky Lab was informed about a buffer overflow flaw that affects its antivirus products version 2015 and 2016 and released a patch within 24 hours. Last week, Kaspersky Lab was informed about a buffer overflow flaw that affects its antivirus products version 2015 and 2016 by one of information security engineers working in […]

Tough weekend for Kaspersky patching a buffer overflow vulnerability

Last week, Kaspersky Lab was informed about a buffer overflow flaw that affects its antivirus products version 2015 and 2016 and released a patch within 24 hours.

Last week, Kaspersky Lab was informed about a buffer overflow flaw that affects its antivirus products version 2015 and 2016 by one of information security engineers working in Google and released a patch within 24 hours to address the problem.

Tavis Ormandy tweeted on 5th September about this exploit with a screenshot that shows windows calculator is running under the process of Kaspersky antivirus. A commonly used method to demonstrate successful code execution exploit is opening calc.exe from a difference process.

Kaspersky product buffer overflow

It simply means if an application contains a flaw that let an attacker execute calc.exe, the application can be used as a platform to execute any malicious code.

A representative of the Kaspersky Lab said the vulnerability was a buffer overflow and was patched within 24 hours after being reported. The patch was distributed to all the customers by use of automatic update.

Again, Ormandy tweeted on 7th September that he has sent some more vulnerabilities to Kaspersky to investigate even though still there is no information about the exploitability of the aforementioned bugs.

buffer overflow tweet

“Kaspersky Lab has always supported the assessment of our solutions by independent researchers. Their ongoing efforts help us to make our solutions stronger, more productive and more reliable.” Kaspersky Lab said.

Mr. Ormandy has a great reputation for finding security vulnerabilities in security products. Last June, he found a remote command execution vulnerability in ESET products. In 2014, he managed to find a flaw enabling hackers to disable Microsoft anti-malware products as well as finding critical vulnerabilities on Sophos antivirus in 2012.

About the Author

Ali Taherian (@ali_taherian) is an enthusiastic information security Officer. He’s finished his education in information security and has recently been involved in banking software and payment security industry. Taherian is proud to be certified IBM Cloud Computing Solution Advisor and ECSA and enjoys sharing and tweeting about security advances and news.

Edited by Pierluigi Paganini

(Security Affairs –  Kaspersky, buffer overflow)