DonnaB
Premium
join:2003-05-07
malaysia

Kaspersky AV Products Remote Heap Overflow Vuln.

Kaspersky Anti-Virus Products Remote Heap Overflow Vulnerability

A vulnerability has been identified in various Kaspersky Anti-Virus products, which could be exploited by attackers or malware to execute arbitrary commands. This issue is due to a heap overflow error in the CAB file format parser that does not properly handle a specially crafted file containing a malformed header, which could be exploited by attackers to execute arbitrary commands and compromise a vulnerable system (e.g. by sending an email containing a malicious CAB file).

Affected Products

Kaspersky Anti-Virus Library (cab.ppl) version 5.0.20.0 and prior
Kaspersky Anti-Virus 4.x
Kaspersky Anti-Virus 5.x
Kaspersky SMTP-Gateway 5.x

»www.frsirt.com/english/advisories/2005/1934
»www.rem0te.com/public/images/kaspersky.pdf
--
Microsoft MVP-Windows Security
Member of ASAP
Calendar of Updates
SecurityFlash
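
The advisory quoted above does not say which header field the parser mishandled. As an added illustration (not Kaspersky's code and not taken from the advisory), this C routine shows the defensive pattern for reading a CAB header: every declared size, count and offset is checked against the bytes actually present before it is used. Field offsets follow the public Microsoft Cabinet format; the function, enum and macro names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAB_FIXED_HEADER 36u     /* bytes in the fixed part of CFHEADER */
#define CAB_FLAG_CHAINED 0x0003u /* cfhdrPREV_CABINET | cfhdrNEXT_CABINET */
#define CAB_FLAG_RESERVE 0x0004u /* cfhdrRESERVE_PRESENT */

enum cab_status { CAB_OK, CAB_TRUNCATED, CAB_BAD_MAGIC, CAB_BAD_SIZE,
                  CAB_BAD_OFFSET, CAB_UNSUPPORTED };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Hypothetical validator: no declared size, count or offset is used until it
 * has been compared with the bytes actually present in buf[0..len). */
enum cab_status cab_check_header(const uint8_t *buf, size_t len)
{
    if (len < CAB_FIXED_HEADER) return CAB_TRUNCATED;
    if (memcmp(buf, "MSCF", 4) != 0) return CAB_BAD_MAGIC;
    uint32_t cb_cabinet = rd32(buf + 8);   /* declared size of the cabinet */
    uint32_t coff_files = rd32(buf + 16);  /* offset of the first CFFILE */
    uint16_t c_folders = rd16(buf + 26), flags = rd16(buf + 30);
    if (cb_cabinet < CAB_FIXED_HEADER || cb_cabinet > len) return CAB_BAD_SIZE;
    if (flags & CAB_FLAG_CHAINED) return CAB_UNSUPPORTED; /* extra strings follow */

    size_t pos = CAB_FIXED_HEADER, folder_reserve = 0;
    if (flags & CAB_FLAG_RESERVE) {
        if (cb_cabinet - pos < 4) return CAB_TRUNCATED;
        uint16_t hdr_reserve = rd16(buf + pos);  /* cbCFHeader */
        folder_reserve = buf[pos + 2];           /* cbCFFolder */
        pos += 4;
        if (cb_cabinet - pos < hdr_reserve) return CAB_BAD_SIZE;
        pos += hdr_reserve;
    }
    size_t folders = (size_t)c_folders * (8u + folder_reserve); /* CFFOLDER array */
    if (cb_cabinet - pos < folders) return CAB_BAD_SIZE;
    pos += folders;
    if (coff_files < pos || coff_files >= cb_cabinet) return CAB_BAD_OFFSET;
    return CAB_OK;
}

int main(void) {
    uint8_t cab[64] = {'M', 'S', 'C', 'F'};  /* constructed sample, rest zero */
    cab[8] = 64; cab[16] = 44; cab[26] = 1;  /* cbCabinet, coffFiles, cFolders */
    printf("well-formed: %d\n", cab_check_header(cab, sizeof cab));
    cab[26] = cab[27] = 0xFF;                /* cFolders now claims 65535 */
    printf("inflated cFolders: %d\n", cab_check_header(cab, sizeof cab));
    return 0;
}
```
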


Khaine

join:2003-03-03
Australia
Re: Kaspersky AV Products Remote Heap Overflow Vul

Fix is on the way:

»forum.kaspersky.com/index.php?showtopic=5014


IGGY
No Guru Just Here To Help
Premium,MVM
join:2001-03-30
Chatham, IL


reply to DonnaB
Re: Kaspersky AV Products Remote Heap Overflow Vuln.

There is a response from the company on their site. CNET did an article on this yesterday. And I just added an article on the subject to my blog. As was mentioned above, a fix is supposedly on the way. Kaspersky currently states that they feel this is a minor threat.

This thread was linked in my original article in regards to this.

According to an article I just read (and I'll be adding this information to my blog), Kaspersky has stated this issue has now been fully addressed.
--
Test Your Security
Cable Diagnostics
Iggyz Blog ZoneAlarm Help


Davebo

join:2002-11-19
Canada

reply to DonnaB
Re: Kaspersky AV Products Remote Heap Overflow Vul

According to Kaspersky, KAV version 4.5 is not affected...

»www.kaspersky.com/news?id=171512144

Importantly, version 4.5 of Kaspersky Lab's antivirus products is not affected by the vulnerability.


danny9
Go Ahead, Make My Day
Premium
join:2002-07-14
Clinton Township, MI
FYI
just received the fix a few minutes ago and installed.


pc319
Premium
join:2002-04-24
The Q
Yep, same here. KAV is now showing version 5.0.390


WFO
Premium
join:2001-08-27
San Ramon, CA
reply to DonnaB
If for some reason anyone needs a manual download of the patch...

»ftp://ftp.avp.ru/updates50/AutoPatches/windows/


Cabledude27
Premium
join:2001-12-23
Pennsville, NJ

reply to DonnaB
Ok, I am not seeing how to get it from my version to the "updated" version. When attempting to update it only updates the AV database. I can't remember the last time it updated the product. I downloaded the patch_pers_5.0.121_142_149_156_227_228 version and now it says it's at 5.0.236 when I right click on the icon in the tray and click about. When I double left click on the icon and the GUI comes up and I click the support tab it tells me I have 5.0.228.

Help?!?!
--
Your friendly neighborhood cabledude.


Don Pelotas

join:2004-12-10

You need to reboot after applying the patch. For the updater to download it, you need to have "Update application modules" checkmarked in the updater settings.


Cabledude27
Premium
join:2001-12-23
Pennsville, NJ

reply to DonnaB
Thanks Don, I do have that option checked as well. I did end up rebooting and nada. I think something's up with it. I have a valid license and all that, do you think uninstalling it and reinstalling it with the latest product download from the KAV site would resolve the issue?
--
Your friendly neighborhood cabledude.


Don Pelotas

join:2004-12-10

reply to DonnaB
Re: Kaspersky AV Products Remote Heap Overflow Vuln.

Yes, that's what I would do. You use the suite, don't you? You must, because 5.0.228 is the AV in the suite. You can download from here: »www.kaspersky.com/productupdates. If I were you I would download the latest suite (not the technical release, that's for updating on top of an existing installation) and also Kaspersky Personal 5.0.388 AV; then when you install the suite you deselect the AV and install 5.0.388 after having installed the suite. This way you're up to date with the latest AV, FW, and antispam.

New versions are on the horizon and if you can wait a few days, then this might be better for you, so you don't have to do the uninstall/reinstall dance again within a few days.


IGGY
No Guru Just Here To Help
Premium,MVM
join:2001-03-30
Chatham, IL

reply to Cabledude27
Re: Kaspersky AV Products Remote Heap Overflow Vul

Which version of the product are you using? I think the build number may be different depending on which version of the product is being used. I could be wrong on this. But this is what I think we may be seeing.

After installing this update the other day. And after just rebooting my machine now. I need to update our other pc in the house.

My build number for Personal Pro is 5.0.357. Which is what it was after the update and before the reboot of the pc.

I need to check the website to see if a newer build actually exists later on today.

Honestly I've always felt the Kaspersky update system was lacking in regards to alerting customers / users of newer builds being available.

I do know the patch was downloaded in the update the other day. And I did select to have it install.
--
Test Your Security Cable Diagnostics
My BLOG ZoneAlarm Help


dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
·Comcast

reply to Davebo
said by Davebo:

According to Kaspersky, KAV version 4.5 is not affected...

»www.kaspersky.com/news?id=171512144

Importantly, version 4.5 of Kaspersky Lab's antivirus products is not affected by the vulnerability.
;):)
--
Think outside the Fox... Opera


Cabledude27
Premium
join:2001-12-23
Pennsville, NJ

reply to DonnaB
I use the KAV suite and it conflicts if I right click on the Icon and click about it gives me a lesser version than if I double click on the Icon and get the main gui. Last check on opening the GUI it's .228 after a reboot.

If new upgrades are coming I'll just wait. I was just wondering/concerned as I don't recall seeing many "product updates" and when I saw the various AV versions in the update field I wondered if something was amiss.
--
Your friendly neighborhood cabledude.


Don Pelotas

join:2004-12-10

said by Cabledude27:

I use the KAV suite and it conflicts if I right click on the Icon and click about it gives me a lesser version than if I double click on the Icon and get the main gui. Last check on opening the GUI it's .228 after a reboot.

If new upgrades are coming I'll just wait. I was just wondering/concerned as I don't recall seeing many "product updates" and when I saw the various AV versions in the update field I wondered if something was amiss.

Ok, your version of the suite is 1.0.22, the latest is called 1.1.53. :)


Don Pelotas

join:2004-12-10

reply to Cabledude27
said by Cabledude27:

I use the KAV suite and it conflicts if I right click on the Icon and click about it gives me a lesser version than if I double click on the Icon and get the main gui. Last check on opening the GUI it's .228 after a reboot.

If new upgrades are coming I'll just wait. I was just wondering/concerned as I don't recall seeing many "product updates" and when I saw the various AV versions in the update field I wondered if something was amiss.

I was wrong, just spoke with headquarters and there won't be new versions right now, so you might as well update like I described in my previous post, sorry about the confusion. :)


Cabledude27
Premium
join:2001-12-23
Pennsville, NJ
reply to DonnaB
Cool, when I get home tonight I'll uninstall the suite and reinstall with the 1.1.53. Thanks again!
--
Your friendly neighborhood cabledude.


Dogwood
Premium
join:2001-01-14
Texas
reply to DonnaB
Re: Kaspersky AV Products Remote Heap Overflow Vuln.

Could someone please point me to the proper file to update my copy of KAV Personal V5.0.227 to the most current version?
TIA


docchat

join:2002-10-02
New York, NY

reply to pc319
Re: Kaspersky AV Products Remote Heap Overflow Vul

said by pc319:

Yep, same here. KAV is now showing version 5.0.390
Yep....mine also auto-updated yesterday and I just rebooted the computer to enable the new version.

Doc

GuruGuy

join:2002-12-16
Atlanta, GA
reply to DonnaB
Re: Kaspersky AV Products Remote Heap Overflow Vuln.

Why is there no .390 version available to download? On the home products page, the most current available is still listed as .388
--
GuruGuy
over 9.5 years online! © 1999-2009 dslreports.com.