Category:   Application (Security)  >   Kaspersky Anti-Virus
Vendors:   Kaspersky Lab
Kaspersky Anti-Virus Library Buffer Overflow in Processing CAB Files Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1014998
SecurityTracker URL:  http://securitytracker.com/id/1014998
CVE Reference:   CVE-2005-3142
Updated:  Jun 15 2008
Original Entry Date:  Oct 3 2005
Impact:   Execution of arbitrary code via network, User access via network


Description:   A vulnerability was reported in Kaspersky Anti-Virus. A remote user can cause arbitrary code to be executed on the target system.

A remote user can create a specially crafted CAB file that contains large non-null records and certain header flags. When the anti-virus library processes the file, it triggers a heap overflow and executes arbitrary code on the target system.

This can be exploited without user interaction in some default configurations.

Exploit vectors include FTP, HTTP, SMB, SMTP, and other protocols that scan CAB files.

Alex Wheeler discovered this vulnerability.

The original advisory is available at:

http://www.rem0te.com/public/images/kaspersky.pdf
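
The description above ties the overflow to header flags and large non-null records in a CAB file. The following is an added example, not Kaspersky's code and not a reconstruction of the flaw in the advisory: a bounds-checked walk over the flag-selected, variable-length part of a CAB header, showing the checks a scanner's parser needs before it copies any of those fields. Field offsets and flag values follow Microsoft's published Cabinet format; the function and macro names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* CFHEADER layout per Microsoft's Cabinet format; names here are hypothetical. */
#define CAB_PREV    0x0001u /* previous-cabinet and disk names follow */
#define CAB_NEXT    0x0002u /* next-cabinet and disk names follow */
#define CAB_RESERVE 0x0004u /* reserve sizes and reserve blob follow */
#define CAB_FIXED   36u     /* bytes in the fixed part of the header */
#define CAB_STRMAX  255u    /* longest name, not counting the NUL */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Step over one NUL-terminated name; fails if it is unterminated or too long. */
static int skip_str(const uint8_t *buf, size_t len, size_t *off)
{
    size_t room = len - *off;
    if (room > CAB_STRMAX + 1) room = CAB_STRMAX + 1;
    const uint8_t *nul = memchr(buf + *off, 0, room);
    if (nul == NULL) return 0;
    *off = (size_t)(nul - buf) + 1;
    return 1;
}

/* Returns the offset where the first CFFOLDER starts, or -1 if malformed. */
long cab_header_end(const uint8_t *buf, size_t len)
{
    if (len < CAB_FIXED || memcmp(buf, "MSCF", 4) != 0) return -1;
    unsigned flags = rd16(buf + 30);
    size_t off = CAB_FIXED;
    if (flags & CAB_RESERVE) {
        if (len - off < 4) return -1;
        size_t cb = rd16(buf + off);   /* cbCFHeader: reserve blob length */
        off += 4;                      /* also skips cbCFFolder, cbCFData */
        if (cb > len - off) return -1; /* blob must fit in the input */
        off += cb;
    }
    int names = ((flags & CAB_PREV) ? 2 : 0) + ((flags & CAB_NEXT) ? 2 : 0);
    while (names-- > 0)
        if (!skip_str(buf, len, &off)) return -1;
    return (long)off;
}

int main(void)
{   /* constructed sample: PREV flag set, 300 bytes with no terminator */
    uint8_t bad[36 + 300];
    memset(bad, 'A', sizeof bad);
    memcpy(bad, "MSCF", 4); bad[30] = 0x01; bad[31] = 0x00;
    return cab_header_end(bad, sizeof bad) == -1 ? 0 : 1;
}
```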

Impact:   A remote user can create a file that, when processed by the target system, will execute arbitrary code on the target system.
Solution:   No solution was available at the time of this entry.
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-disclosure] Kaspersky Antivirus Library Remote Heap Overflow

Date
October 3, 2005

Vulnerability
The Kaspersky Antivirus Library provides file format support for virus analysis. During analysis of cab files Kaspersky is vulnerable to a heap overflow allowing attackers complete control of the system(s) being protected. This vulnerability can be exploited remotely without user interaction in default configurations through common protocols such as SMTP, SMB, HTTP, and FTP.

Impact
Successful exploitation of Kaspersky protected systems allows attackers unauthorized control of data and related privileges. It also provides leverage for further network compromise. Kaspersky Antivirus Library implementations are likely vulnerable in their default configuration.

Affected Products
Due to the library’s OS-independent design and core functionality, it is likely this vulnerability affects a substantial portion of Kaspersky’s gateway, server, and client antivirus enabled product lines on most platforms.

http://www.kaspersky.com/products

Note: Kaspersky’s antivirus OEM product line is a program where vendors may license the vulnerable library. The following link is a list containing some of the Kaspersky partners with products also likely affected by this vulnerability. Refer to your vendor for specifics.

http://www.kaspersky.com/oemsuccess

Credit
This vulnerability was discovered and researched by Alex Wheeler.

Contact
security@rem0te.com

Advisory Details
http://www.rem0te.com/public/images/kaspersky.pdf

