Sunday, October 5, 2008

Kaspersky debugs critical bugs in antivirus its products

Antivirus vendor Kaspersky has released Maintenance Pack 2 for Kaspersky Anti-Virus 6.0 and Kaspersky Internet Security 6.0 to close a number of security holes, some of which are critical. For instance, attackers can exploit flaws in the installed ActiveX controls AxKLProd60.dll and AxKLSysInfo.dll to download or delete files from a victim’s computer. This is also possible with the ActiveX control SysInfo, which allows an FTP transfer to be launched on the user’s computer without authentication and without prompting the user. In all three cases, however, the victim first has to visit a malicious website using Internet Explorer. While the Maintenance Pack does remedy the holes, it does not do so by correcting the flaws, but instead deletes the vulnerable controls during installation.


In addition, two heap overflows have been found in Kaspersky products. One of them can be triggered by specially prepared ARJ Archives in an on-demand scan: the scanner can be brought down and code injected and launched. The other overflow is the result of a flaw in the hook function of the driver klif.sys which can be exploited to execute code with kernel privileges. According to the experts at security service provider iDefense who made the discovery, these holes are very difficult to exploit. Finally, yet another flaw in this driver allows programs to be executed with the highest privileges (ring 0). The flaws have been remedied in build 6.0.2.614.


Users are advised to download and install the product updates as quickly as possible.

No comments: