Kaspersky AV Products Remote Heap Overflow Vuln. in Security

Kaspersky AV Products Remote Heap Overflow Vuln. in Security http://www.dslreports.com/forum/r14494903 en Fri, 04 Dec 2009 08:48:32 EDT Fri, 04 Dec 2009 08:48:32 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14523808 Don Pelotas :

said by Mele20

:

I assume KAV and KIS 6.0 beta are also immune?

Edit: Just proves me right. :) 4.5 is superior to 5.0 no matter how much many of you wish that wasn't so. 6.0 is great also (except for a GUI and pop ups so tiny that no one can read them) and NOTHING like the ill fated, poorly done 5.0.

Actually bacause you feel this way does not mean it is so, for me 5.0 is clearly better and yes i use iStreams.:p;):D

Version 4.0-4.5 has also had issue's along the way as any AV have during it's lifetime, they get discovered and then they get fixed, in this case no user was at risk because it was covered via signatures before the disclosure and the patch available within 48 hours. Just for record i think they are all good (4.5, 5.0 6.0), they all have their advantages/disadvantages, 6.0/2006 does look very promissing with the proactive defense, but for some users who are not into computers there will be a learningcurve greater than with the very easy to configure 5.0, i foresee a busy time at the Kav forum when it is released.

I don't know if 2006 has the patch but i would assume it, even if it is a beta. You are covered via signatures if not.:)]]> http://www.dslreports.com/forum/remark,14523808 Fri, 07 Oct 2005 09:15:36 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14523730 mboy :

said by Mele20

Still trying claim you know something about computing huh?
You have certainly proved a # of things around here lately. I wouldn't call one of them "being right".]]> http://www.dslreports.com/forum/remark,14523730 Fri, 07 Oct 2005 08:58:19 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14523727 Don Pelotas :

said by GuruGuy

:

Don, do you ever sleep?

I see you posting in various forums night and day!

Thanks for all of your KAV support.

6-8 hour a day, but thanks for the kind words.;):)]]> http://www.dslreports.com/forum/remark,14523727 Fri, 07 Oct 2005 08:56:15 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14523682 Mele20 : I assume KAV and KIS 6.0 beta are also immune?

Edit: Just proves me right. :) 4.5 is superior to 5.0 no matter how much many of you wish that wasn't so. 6.0 is great also (except for a GUI and pop ups so tiny that no one can read them) and NOTHING like the ill fated, poorly done 5.0. ]]> http://www.dslreports.com/forum/remark,14523682 Fri, 07 Oct 2005 08:43:47 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14523604 cork1958 :

said by 33591094

:

According to Kaspersky, KAV version 4.5 is not affected...

»www.kaspersky.com/news?id=171512144

Importantly, version 4.5 of Kaspersky Lab's antivirus products is not affected by the vulnerability.

Yay!! :)
--
Spread Free Opera. Fastest browser on Earth or in Cyberspace!!]]> http://www.dslreports.com/forum/remark,14523604 Fri, 07 Oct 2005 08:23:43 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14523328 GuruGuy : Don, do you ever sleep?

I see you posting in various forums night and day!

Thanks for all of your KAV support.
--
GuruGuy]]> http://www.dslreports.com/forum/remark,14523328 Fri, 07 Oct 2005 06:51:36 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14523241 Don Pelotas :
said by IGGY :

And on a little different note. It would nice if Kaspersky included a way to backup current settings. Similar to how ZoneLabs does things with ZoneAlarm. So that every time users are having to install a new build. They aren't having to go reset each and every option.
Already does, look for "Managing profiles" in the settings.;)

About updating the program, yes i can certainly see why this is appealing to many users, i personally would turn it of because i always wait a little while before any new version of any program is installed to avoid possible screwups with new builds.

Why do everybody in this thread who feels this is necessary not simply write Kaspersky and demand autoupdate a possibility in the future so that they will know about your wishes, a place you could use is the "Suggestions for current & future versions of KL products" at the official forum:»forum.kaspersky.com/, the more who suggests this, the greater the chance is that this will made possible.:)]]> http://www.dslreports.com/forum/remark,14523241 Fri, 07 Oct 2005 06:06:54 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14522669 dadkins :
said by Anonymous :

said by dadkins :

said by 33591094 :

According to Kaspersky, KAV version 4.5 is not affected...

»www.kaspersky.com/news?id=171512144

Importantly, version 4.5 of Kaspersky Lab's antivirus products is not affected by the vulnerability.,/I>

;):)

Hmmm...why don't you update that old thing?
:p

Well, seeing as it's not affected by this, and I don't have to patch it... why? ;)
--
Think outside the Fox... Opera]]> http://www.dslreports.com/forum/remark,14522669 Fri, 07 Oct 2005 00:45:04 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14522473 Martinus :
said by the niTz :

what about kav for windows workstation does it download the update automatically cause im still seeing 5.0.177

I downloaded it from here:

»ftp://ftp.avp.ru/updates50/AutoPatches/windows/

It's called "patch_all_wks_5.0.225_to_5.0.227.exe", but you should probably update to 5.0.225 first.
--
From the GSV "Ethics Gradient"]]> http://www.dslreports.com/forum/remark,14522473 Fri, 07 Oct 2005 00:03:33 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14522151 IGGY : But that will not alert you to newer builds of the product being available. Like most security software on the planet does within the update feature of the software.

I have my software setup exactly as you have stated. Yes you will get the patch - yes the patch should in fact update your current Kaspersky software to a newer build.

But if you were using a later build of the product your not going to be alerted to the fact that a newer build is available. So customers have to either be alerted in the »Security Product Vendors forum. Which most people here honestly don't keep an eye on. Or the user has to get in the habit of checking the Kaspersky website from time to time. Which is something your average person just isn't going to do.

Although some would argue that in this case running an older Kaspersky build was a benefit. I've never felt running older builds of a security product is a wise thing. So anything that can be done to alert users to newer builds is a positive thing in my opinion.
--
Test Your Security Cable Diagnostics
My BLOG ZoneAlarm Help]]> http://www.dslreports.com/forum/remark,14522151 Thu, 06 Oct 2005 23:16:53 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14522130 Anonymous :
said by dadkins :

said by 33591094 :

According to Kaspersky, KAV version 4.5 is not affected...

»www.kaspersky.com/news?id=171512144

Importantly, version 4.5 of Kaspersky Lab's antivirus products is not affected by the vulnerability.

;):)

Hmmm...why don't you update that old thing?
:p]]> http://www.dslreports.com/forum/remark,14522130 Thu, 06 Oct 2005 23:13:27 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14522036 hamlet : I may not be understanding the argument here Dogwood, but you can have KAV automatically update the version numbers. If you go to "configure updater" and "updater settings", there is a box to check to enable automatic updating of the application module. At least there is in my version 5.0 of KAV personal anti-virus. It is true that you have to do an individual patch to correct this latest vulnerability, but, in general, you can configure KAV to automatically update the module.]]> http://www.dslreports.com/forum/remark,14522036 Thu, 06 Oct 2005 22:59:15 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14520751 GuruGuy : ditto.........
--
GuruGuy]]> http://www.dslreports.com/forum/remark,14520751 Thu, 06 Oct 2005 20:15:32 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14520622 IGGY : "And when they install it, they will update it and be protected."

Which isn't 100% true. Some users are clueless and might not in fact update the software right away. They should - but they may not.

As was mentioned above. A build with the patch applied should be available for download - especially for new users who would be testing a trial version or making a new purchase of Kaspersky.

And as I mentioned above. It would be nice if Kaspersky would finally add new version alerts to the updating system they currently use. That way users would have to go hunting every time they are wondering if a new build exist.

Just from reading this thread. It seems that Kaspersky might want to consider making things a little more obvious to it's customers. There seems to be a lot of confusing in this thread. Do to everyone using different builds and the large amount of builds that are available.

Kaspersky Anti-Virus Personal PRO 5.0.388: Corrected errors and enhancements

»www.kaspersky.com/faq?qid=168960104

"the topic is about a critical fix, not update problems"

Actually when we have threads like this around here. We almost always discuss problems related to updating to the newer build or installing the update etc. within the update thread. So a post in regards to that would on topic in my opinion.

And on a little different note. It would nice if Kaspersky included a way to backup current settings. Similar to how ZoneLabs does things with ZoneAlarm. So that every time users are having to install a new build. They aren't having to go reset each and every option.

"Ok then, the KAV program will not automatically update like most every other AV program does through whole number versions."

The builds don't auto update. But the database definitions do. In the past users haven't been alerted to critical updates by using the update option in the software. And of course they haven't and still aren't alerted to newer builds being available from within the software.

Although I see this as something simple that should have been rectified ages ago. I honestly don't see it as a deal killer in regards to use of the product. The track record of the product outweighs this annoyance.

"Is there someplace or some way to download the patch again or do I have a bigger problem here?"

Try doing a full clean uninstall of the product. Have the latest version downloaded before doing this. Then reboot and make sure to stay offline. Install the new build and then reboot.

When you update the new build the patch should be downloaded and you should be alerted to install it.

You could also use the linked that was provided above to obtain the patch manually. My thought is you may need to do a clean install and you might also make sure you license is still valid. Although I doubt that is your problem.
--
Test Your Security
Cable Diagnostics
My BLOG ZoneAlarm Help]]> http://www.dslreports.com/forum/remark,14520622 Thu, 06 Oct 2005 19:55:54 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14520497 wafen : Don't know if I have a problem.
I downloaded the patch, I then restarted the computer.
When the computer rebooted I still have version 5.0.388 listed and not 5.0.390.
Is there someplace or some way to download the patch again or do I have a bigger problem here?
--
Join Team Helix! Help Us Find A Cure! Get the FAQs!]]> http://www.dslreports.com/forum/remark,14520497 Thu, 06 Oct 2005 19:39:08 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14520486 Dogwood : Ok then, the KAV program will not automatically update like most every other AV program does through whole number versions.

That what I needed to know, now I will have to choose a different AV to install on PCs I build for customers.

Thanks for letting me know.
--
Proud Member of: Team Discovery
BroadbandGaming Admin
BBR Enemy Territory Clan Leader BBr|ET]]> http://www.dslreports.com/forum/remark,14520486 Thu, 06 Oct 2005 19:36:37 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14520446 the niTz : what about kav for windows workstation does it download the update automatically cause im still seeing 5.0.177]]> http://www.dslreports.com/forum/remark,14520446 Thu, 06 Oct 2005 19:29:08 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14520170 no__1__here : Except they don't list KAV Personal Pro there ;)]]> http://www.dslreports.com/forum/remark,14520170 Thu, 06 Oct 2005 18:52:23 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14519952 Don Pelotas :
said by Dogwood :

I guess the real question should be why did my copy of KAV not automatically update versions as they progressed, instead of staying at V5.0.227 for 8 months?

Because you have not updated it.;)

You're mixing full programversions with this very small patch, if you want to to update the programversion from your version 5.0.277 to the latest version 5.0.388, you need to download the program from program updates:»www.kaspersky.com/productupdates and install it in one of two ways: Either download the installer without databases (half the size because of the missing databases) and install ontop of existing installation or download the full version and uninstall 5.0.227 and install 5.0.388. I would do it with the second option.

The patch will be installed auto if you have "Update application modules" enabled in the updater settings (this exactly the situation this is for, installing patches) or you can install manually, you only have to this once no matter what version of 5.0 you are using, the version change from .372 to .375 or .388 to .390 is so you can see you have the patch, no other change than this small patch (64kb's if i remember correctly).]]> http://www.dslreports.com/forum/remark,14519952 Thu, 06 Oct 2005 18:19:48 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14519900 norwegian : dogwood

on the issue of the updating the versions, i can only gather that your are getting definition updates as you go, so you are updated.
now the software updates are a different matter, i can say, someone correct me if im not,

"That in order for software companies to diagnose problems for their users, prefer the latest install, purely for the simple fact, IF you get problems with the software, it helps eliminate most if not all past issues, so they as a company, can help the end user"

i can only see don doing the nessesary requirements to make the job easier, if we need a problem diagnosed

also, im not out to slander/ critize you either, so i will not comment anymore here, as this is Don Pelotas' turf
if you want to discuss it more, IM me about it,if the findings relate more on topic between us, it can be posted back here. the topic is about a critical fix, not update problems]]> http://www.dslreports.com/forum/remark,14519900 Thu, 06 Oct 2005 18:14:06 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14519786 Dogwood :
said by norwegian :

dogwood, you dont read very well, it is mentioned it is an update that requires a reboot, whereas the normal updating doesnt need a reboot, where are you reading about uninstalling

I read perfectly fine thank you very much!
I rebooted twice, once after the first patch file, then again after the second.
After the first patch, I had a V5.0.325, then after the second, I had V5.0.326, as I explained in my previous post, which you must not have read.

This is where I read about uninstalling:
said by Don Pelotas :

if you download the latest full version 5.0.388 uninstall the one you have now and install 5.0.388, then update your signatures and reboot after that, you then are at .390.

said by norwegian :

don just suggested uninstall older versions if you have one and install ver 5.0.388, you can always ask someone to manually download the file if you dont want to get online before being fully updated

Of course I know you must uninstall an AV program if you are going install a new one, but why is this necessary for just an update?

Is there not a patch to go from V5.0.326 to the latest version, or even the previous version?

I guess the real question should be why did my copy of KAV not automatically update versions as they progressed, instead of staying at V5.0.227 for 8 months?
--
Proud Member of: Team Discovery
BroadbandGaming Admin
BBR Enemy Territory Clan Leader BBr|ET]]> http://www.dslreports.com/forum/remark,14519786 Thu, 06 Oct 2005 17:55:12 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14519288 norwegian : Dogwood and GuruGuy,

this has only been out a day, and as don says, its only a 60 kb update, if i remember correctly, they semi fixed via an update the same day it happened, but needed to test the real update for this before saying they have fixed it.
dogwood, you dont read very well, it is mentioned it is an update that requires a reboot, whereas the normal updating doesnt need a reboot, where are you reading about uninstalling

don just suggested uninstall older versions if you have one and install ver 5.0.388, you can always ask someone to manually download the file if you dont want to get online before being fully updated

edit: it may be that they changed the version # as a cross reference to make sure people with KAV on are updating]]> http://www.dslreports.com/forum/remark,14519288 Thu, 06 Oct 2005 16:41:42 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14519215 GuruGuy : That's exactly my point!

Why don't they just put the newest version on the download page so folks can download it and be done with it!
--
GuruGuy]]> http://www.dslreports.com/forum/remark,14519215 Thu, 06 Oct 2005 16:31:30 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14519212 Dogwood : So there is no path to V5.0.390 from where I'm at, other than downloading a complete V5.0.388 install and doing the uninstall then reinstall BS?

I must be mistaken here, because that would be ridiculous.
--
Proud Member of: Team Discovery
BroadbandGaming Admin
BBR Enemy Territory Clan Leader BBr|ET]]> http://www.dslreports.com/forum/remark,14519212 Thu, 06 Oct 2005 16:30:52 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14519042 Don Pelotas : You only have to apply the patch once to be fully patched for your version (whether it is 5.0.121, .142, .156, .227, .228, .325, .372, .383 or the latest 5.0.388), if you download the latest full version 5.0.388 uninstall the one you have now and install 5.0.388, then update your signatures and reboot after that, you then are at .390.]]> http://www.dslreports.com/forum/remark,14519042 Thu, 06 Oct 2005 16:11:12 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14518967 Dogwood : OK, by installing the "patch_pers_5.0.121_142_149_156_227_228.exe" I was able to get to V5.0.325, then I ran the "patch_pers_5.0.325_to_5.0.326.exe" I got to V5.0.326.

[att=1]

Now where do I go to get to V5.0.390?
And why does KAV make updating so confusing?
--
Proud Member of: Team Discovery
BroadbandGaming Admin
BBR Enemy Territory Clan Leader BBr|ET
]]> http://www.dslreports.com/forum/remark,14518967 Thu, 06 Oct 2005 15:59:51 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14518939 Don Pelotas : And when they install it, they will update it and be protected.]]> http://www.dslreports.com/forum/remark,14518939 Thu, 06 Oct 2005 15:56:24 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14518875 GuruGuy : A person buying it at this moment is going to download the latest version.........if home, then he/she will download and install ver .388

That would be a vulnerable ver right from the start. Why isn't the download area updated?
--
GuruGuy]]> http://www.dslreports.com/forum/remark,14518875 Thu, 06 Oct 2005 15:46:41 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14518759 anon : To clear up version number confusion see:
»www.kaspersky.com/faq?qid=171509522

Basically to fix the .cab issue, one does not necessarily need build 390.

Latest builds to fix .CAB issue:
# Kaspersky Anti-Virus Personal from 5.0.121 - 5.0.228 to 5.0.390
# Kaspersky Anti-Virus Personal from 5.0.325 to 5.0.326
# Kaspersky Anti-Virus Personal from 5.0.372 to 5.0.375
# Kaspersky Anti-Virus Personal from 5.0.383 to 5.0.384
# Kaspersky Anti-Virus Personal from 5.0.388 to 5.0.390

# Kaspersky Anti-Virus Personal PRO from 5.0.372 to 5.0.375
# Kaspersky Anti-Virus Personal PRO from 5.0.383 to 5.0.384
# Kaspersky Anti-Virus Personal PRO from 5.0.388 to 5.0.390

# Kaspersky Anti-Virus for Windows workstations from 5.0.225 to 5.0.227

# Kaspersky Anti-Virus for Windows fileservers from 5.0.50 - 5.0.52 to 5.0.57

If Autoupdate is not working, you may manually update from the following source:

»ftp://ftp.avp.ru/updates50/AutoPatches/windows/]]> http://www.dslreports.com/forum/remark,14518759 Thu, 06 Oct 2005 15:28:43 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14518601 Don Pelotas :
said by GuruGuy :

Why is there no .390 version available to download? On the home products page, the most current available is still listed as .388

Because the patch which makes 5.0.388 into 5.0.390 is only 60 something kb's & is applied via the updater or manual download via the link WFO supplied earlier in this thread.:)]]> http://www.dslreports.com/forum/remark,14518601 Thu, 06 Oct 2005 15:03:45 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14518075 GuruGuy : Why is there no .390 version available to download? On the home products page, the most current available is still listed as .388
--
GuruGuy]]> http://www.dslreports.com/forum/remark,14518075 Thu, 06 Oct 2005 13:56:17 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14517947 docchat :
said by pc319 :

Yep, same here. KAV is now showing version 5.0.390

Yep....mine also auto-updated yesterday and I just rebooted the computer to enable the new version.

Doc]]> http://www.dslreports.com/forum/remark,14517947 Thu, 06 Oct 2005 13:42:25 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14517929 Dogwood : Could someone please point me to the proper file to update my copy of KAV Personal V5.0.227 to the most current version?
TIA]]> http://www.dslreports.com/forum/remark,14517929 Thu, 06 Oct 2005 13:40:33 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14517600 Cabledude27 : Cool when I get home tonight I'll uninstall the suite and reinstall with the 1.1.53 thanks again!
--
Your friendly neighborhood cabledude.]]> http://www.dslreports.com/forum/remark,14517600 Thu, 06 Oct 2005 12:53:23 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14517502 Don Pelotas :
said by Cabledude27 :

I use the KAV suite and it conflicts if I right click on the Icon and click about it gives me a lesser version than if I double click on the Icon and get the main gui. Last check on opening the GUI it's .228 after a reboot.

If new upgrades are coming I'll just wait. I was just wondering/concerned as I dont recall seeing many "product updates" and when I saw the various AV versions in the update field I wondered if something was amiss.

I was wrong, just spoke with headquarters and there won't be new versions right now, so you might as well update like i described in my previous post, sorry about the confusion.:) ]]> http://www.dslreports.com/forum/remark,14517502 Thu, 06 Oct 2005 12:39:29 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14517194 Don Pelotas :
said by Cabledude27 :

I use the KAV suite and it conflicts if I right click on the Icon and click about it gives me a lesser version than if I double click on the Icon and get the main gui. Last check on opening the GUI it's .228 after a reboot.

If new upgrades are coming I'll just wait. I was just wondering/concerned as I dont recall seeing many "product updates" and when I saw the various AV versions in the update field I wondered if something was amiss.

Ok, your version of the suite is 1.0.22, the latest is called 1.1.53.:)]]> http://www.dslreports.com/forum/remark,14517194 Thu, 06 Oct 2005 11:54:28 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14517048 Cabledude27 : I use the KAV suite and it conflicts if I right click on the Icon and click about it gives me a lesser version than if I double click on the Icon and get the main gui. Last check on opening the GUI it's .228 after a reboot.

If new upgrades are coming I'll just wait. I was just wondering/concerned as I dont recall seeing many "product updates" and when I saw the various AV versions in the update field I wondered if something was amiss.
--
Your friendly neighborhood cabledude.]]> http://www.dslreports.com/forum/remark,14517048 Thu, 06 Oct 2005 11:35:43 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14516912 dadkins :
said by 33591094 :

According to Kaspersky, KAV version 4.5 is not affected...

»www.kaspersky.com/news?id=171512144

Importantly, version 4.5 of Kaspersky Lab's antivirus products is not affected by the vulnerability.

;):)
--
Think outside the Fox... Opera]]> http://www.dslreports.com/forum/remark,14516912 Thu, 06 Oct 2005 11:15:11 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14516461 IGGY : Which version of the product are you using? I think the build number may be different depending on which version of the product is being used. I could be wrong on this. But this is what I think we may be seeing.

After installing this update the other day. And after just rebooting my machine now. I need to update our other pc in the house.

My build number for Personal Pro is 5.0.357. Which is what it was after the update and before the reboot of the pc.

I need to check the website to see if a newer build actually exist later on today.

Honestly I've always felt the Kaspersky update system was lacking in regards to alerting customers / users of newer builds being available.

I do know the patch was downloaded in the update the other day. And I did select to have it install.
--
Test Your Security Cable Diagnostics
My BLOG ZoneAlarm Help]]> http://www.dslreports.com/forum/remark,14516461 Thu, 06 Oct 2005 09:57:48 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14516454 Don Pelotas : Yes, thats what i would do. You use the suite don't you, you must because 5.0.228 is the AV in the suite, you can download from here:»www.kaspersky.com/productupdates, if i were you i would download the latest suite (not the technical release, thats for updating ontop of existing installation)and and also Kaspersky Personal 5.0.388 AV, then when you install the suite you deselect the AV and install 5.0.388 after having installed the suite, this way you're up to date with latest AV, FW, and antispam.

New versions are on the horizon and if you can wait a few days, then this might better for you, so you don't have to do the uninstall/reinstall dance again within a few days. ]]> http://www.dslreports.com/forum/remark,14516454 Thu, 06 Oct 2005 09:56:25 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14516322 Cabledude27 : Thank's Don, I do have that option checked as well I did end up rebooting and nada. I think something's up with it. I have a valid license and all that, do you think uninstalling it and reinstalling it with the latest product download from the KAV site would resolve the issue?
--
Your friendly neighborhood cabledude.]]> http://www.dslreports.com/forum/remark,14516322 Thu, 06 Oct 2005 09:30:24 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14515773 Don Pelotas : You need to reboot after applying the patch. For the updater to download it, you need to have "Update application modules" checkmarked in the updatersettings.]]> http://www.dslreports.com/forum/remark,14515773 Thu, 06 Oct 2005 07:08:08 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14513647 Cabledude27 : Ok, I am not seeing how to get it from my version to the "updated" version. When attempting to update it only updates the AV database. I cant remember the last time it update the product. I downloaded the patch_pers_5.0.121_142_149_156_227_228 version and now it says it's at 5.0.236 when I right click on the icon in the tray and click about. When I double left click on the icon and the GUI comes up and I click the support tab it tells me I have 5.0.228.

Help?!?!
--
Your friendly neighborhood cabledude.]]> http://www.dslreports.com/forum/remark,14513647 Wed, 05 Oct 2005 21:49:07 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14513467 WFO : If for some reason anyone needs a manual download of the patch...

»ftp://ftp.avp.ru/updates50/AutoPatches/windows/]]> http://www.dslreports.com/forum/remark,14513467 Wed, 05 Oct 2005 21:28:51 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14509174 pc319 : Yep, same here. KAV is now showing version 5.0.390]]> http://www.dslreports.com/forum/remark,14509174 Wed, 05 Oct 2005 11:09:45 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14509050 danny9 : FYI
just received the fix a few minutes ago and installed.]]> http://www.dslreports.com/forum/remark,14509050 Wed, 05 Oct 2005 10:52:19 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14508231 33591094 : According to Kaspersky, KAV version 4.5 is not affected...

»www.kaspersky.com/news?id=171512144

Importantly, version 4.5 of Kaspersky Lab's antivirus products is not affected by the vulnerability.
]]> http://www.dslreports.com/forum/remark,14508231 Wed, 05 Oct 2005 08:13:32 EDT Re: Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14508078 IGGY : There is a response from the company on their site. CNET did an article on this yesterday. And I just added an article on the subject to my blog. As was mentioned above a fix is supposedly on the way. Kaspersky currently states that they feel this a minor threat.

This thread was linked in my original article in regards to this.

According to an article I just read and I'll be adding this information to my blog. Kaspersky has stated this issue has now been fully addressed.
--
Test Your Security
Cable Diagnostics
Iggyz Blog ZoneAlarm Help]]> http://www.dslreports.com/forum/remark,14508078 Wed, 05 Oct 2005 07:24:40 EDT Re: Kaspersky AV Products Remote Heap Overflow Vul http://www.dslreports.com/forum/remark,14501030 Khaine : Fix is on the way:

»forum.kaspersky.com/index.php?showtopic=5014]]> http://www.dslreports.com/forum/remark,14501030 Tue, 04 Oct 2005 09:27:37 EDT Kaspersky AV Products Remote Heap Overflow Vuln. http://www.dslreports.com/forum/remark,14494903 DonnaB : Kaspersky Anti-Virus Products Remote Heap Overflow Vulnerability

A vulnerability has been identified in various Kaspersky Anti-Virus products, which could be exploited by attackers or malware to execute arbitrary commands. This issue is due to a heap overflow error in the CAB file format parser that does not properly handle a specially crafted file containing a malformed header, which could be exploited by attackers to execute arbitrary commands and compromise a vulnerable system (e.g. by sending an email containing a malicious CAB file).

Affected Products

Kaspersky Anti-Virus Library (cab.ppl) version 5.0.20.0 and prior
Kaspersky Anti-Virus 4.x
Kaspersky Anti-Virus 5.x
Kaspersky SMTP-Gateway 5.x

»www.frsirt.com/english/advisories/2005/1934
»www.rem0te.com/public/images/kaspersky.pdf
--
Microsoft MVP-Windows Security
Member of ASAP
Calendar of Updates
SecurityFlash]]> http://www.dslreports.com/forum/remark,14494903 Mon, 03 Oct 2005 13:45:13 EDT