vulnerability in KAV/KIS 6.0/7.0 ... patched

muckshifter

An advisory has recently been published on rootkit.com regarding a vulnerability in KAV 7.0. Unfortunately, the authors of this material chose not to adhere to industry standard practice, and contact the vendor prior to disclosing vulnerability details. Although the authors claim that all attempts to inform Kaspersky Lab about this vulnerability were ignored, this is not the case: if we had been informed, this issue would have been addressed long ago.

The following products are vulnerable:
  • Kaspersky Internet Security 6.0/7.0
  • Kaspersky Anti-Virus 6.0/7.0
  • Kaspersky Anti-Virus for Windows Workstations 6.0
  • Kaspersky Anti-Virus 6.0 for Windows Servers
These products are vulnerable only when run on the following OSs:
  • Windows NT
  • Windows 2000
  • Windows 2003 x86
  • Windows XP x86
Products running on other Microsoft OSs (mucks: like Vista) are not affected by this issue.

This vulnerability is classified as low risk because of its local nature: the user has to manually launch the exploit on his computer. Exploiting the vulnerability results in a critical system error (BSOD) but does not escalate privileges or provide a remote user with control over the computer.

A patch HAS been issued for this vulnerability. The patch will install itself automatically.


A reboot is required.
