Category:   Application (Security)  >   Kaspersky Anti-Virus
Vendors:   Kaspersky Lab
Kaspersky Anti-Virus Library Buffer Overflow in Processing CAB Files Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1014998
SecurityTracker URL:
CVE Reference:   CVE-2005-3142
Updated:  Jun 15 2008
Original Entry Date:  Oct 3 2005
Impact:   Execution of arbitrary code via network, User access via network

Description:   A vulnerability was reported in Kaspersky Anti-Virus. A remote user can cause arbitrary code to be executed on the target system.

A remote user can create a specially crafted CAB formatted file that contains large non-null records and certain header flags that, when processed by the anti-virus library, will trigger a heap overflow and execute arbitrary code on the target system.

This can be exploited without user interaction in some default configurations.

Exploit vectors include FTP, HTTP, SMB, SMTP, and other protocols that scan CAB files.
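
As an added illustration (not code from the advisory, the researcher, or Kaspersky), the following C example shows bounds-checked handling of the flag-dependent, variable-length fields of a CAB header, the kind of length validation whose absence is classed as a boundary error. The advisory does not name the fields involved; the layout used here is Microsoft's published cabinet format, and `cab_header_check`, `cab_demo` and the error codes are names made up for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Flag bits and offsets follow Microsoft's published cabinet (CAB) header layout. */
#define CAB_PREV    0x0001u  /* previous-cabinet name and disk strings follow */
#define CAB_NEXT    0x0002u  /* next-cabinet name and disk strings follow */
#define CAB_RESERVE 0x0004u  /* reserve-size fields and reserved bytes follow */
#define CAB_STR_MAX 255u     /* longest string the format allows, excluding the NUL */
enum { CAB_OK = 0, CAB_SHORT = -1, CAB_BAD_MAGIC = -2, CAB_BAD_RESERVE = -3, CAB_BAD_STRING = -4 };
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Return the offset just past one NUL-terminated string, never reading beyond len. */
static size_t skip_str(const uint8_t *buf, size_t len, size_t off) {
    size_t cap = len - off < CAB_STR_MAX + 1 ? len - off : CAB_STR_MAX + 1;
    const uint8_t *nul = memchr(buf + off, 0, cap);
    return nul ? (size_t)(nul - buf) + 1 : 0;  /* 0: unterminated or over-long */
}

/* Validate the flag-dependent, variable-length part of a CAB header in buf[0..len). */
int cab_header_check(const uint8_t *buf, size_t len) {
    if (len < 36) return CAB_SHORT;
    if (memcmp(buf, "MSCF", 4) != 0) return CAB_BAD_MAGIC;
    uint16_t flags = rd16(buf + 30);
    size_t off = 36;
    if (flags & CAB_RESERVE) {
        if (len - off < 4) return CAB_SHORT;
        size_t cb_header = rd16(buf + off);  /* length taken from the file itself */
        if (cb_header > len - off - 4) return CAB_BAD_RESERVE;
        off += 4 + cb_header;
    }
    int nstr = ((flags & CAB_PREV) ? 2 : 0) + ((flags & CAB_NEXT) ? 2 : 0);
    for (int i = 0; i < nstr; i++)
        if ((off = skip_str(buf, len, off)) == 0) return CAB_BAD_STRING;
    return CAB_OK;
}

/* Constructed sample: bare 36-byte header carrying `flags`, followed by `tail`. */
int cab_demo(uint16_t flags, const void *tail, size_t tail_len) {
    uint8_t buf[36 + 512] = { 'M', 'S', 'C', 'F' };
    if (tail_len > 512) return CAB_SHORT;
    buf[30] = (uint8_t)flags; buf[31] = (uint8_t)(flags >> 8);
    memcpy(buf + 36, tail, tail_len);
    return cab_header_check(buf, 36 + tail_len);
}

int main(void) {  /* constructed input: PREV flag set, name lacks its NUL */
    return cab_demo(CAB_PREV, "AAAA", 4) == CAB_BAD_STRING ? 0 : 1;
}
```

Every length is compared against the bytes that remain in the input before any offset is advanced, so a parser built this way rejects a malformed header instead of sizing a copy from it.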

Alex Wheeler discovered this vulnerability.

The original advisory is available at:

Impact:   A remote user can create a file that, when processed by the target system, will execute arbitrary code on the target system.
Solution:   No solution was available at the time of this entry.
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  [Full-disclosure] Kaspersky Antivirus Library Remote Heap Overflow

October 3, 2005

The Kaspersky Antivirus Library provides file format support for virus analysis. During analysis of cab files Kaspersky is vulnerable to a heap overflow allowing attackers complete control of the system(s) being protected. This vulnerability can be exploited remotely without user interaction in default configurations through common protocols such as SMTP, SMB, HTTP, and FTP.

Successful exploitation of Kaspersky protected systems allows attackers unauthorized control of data and related privileges. It also provides leverage for further network compromise. Kaspersky Antivirus Library implementations are likely vulnerable in their default

Affected Products
Due to the library’s OS independent design and core functionality: it is likely this vulnerability affects a substantial portion of Kaspersky’s gateway, server, and client antivirus enabled product lines on most platforms.

Note: Kaspersky’s antivirus OEM product line is a program where vendors may license the vulnerable library. The following link is a list containing some of the Kaspersky partners with products also likely affected by this vulnerability. Refer to your vendor for

This vulnerability was discovered and researched by Alex Wheeler.


Advisory Details


