
Kaspersky Anti-Virus Products Remote Heap Overflow Vulnerability

ino | 2005.10.04 15:20 | Views: 967
FrSIRT Advisory : FrSIRT/ADV-2005-1934
CVE Reference : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-10-03

* Technical Description *

A vulnerability has been identified in various Kaspersky Anti-Virus products, which could be exploited by attackers or malware to execute arbitrary commands. The flaw is a heap overflow in the CAB file format parser (cab.ppl), which does not properly handle a specially crafted file containing a malformed header. An attacker could use this to compromise a vulnerable system (e.g. by sending an email containing a malicious CAB file).

The issue has been reported in version 5.0.20.0 of the CAB scanning library (cab.ppl). Other versions may also be vulnerable.
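
The sketch below is an added illustration, not code from FrSIRT or Kaspersky and not a reconstruction of the cab.ppl flaw (the advisory does not name the malformed field). It shows the bounds checks a CAB parser should apply to CFHEADER fields before using them as sizes, counts or offsets; field offsets follow the public Microsoft Cabinet format, and all function, constant and sample names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { CAB_OK = 0, CAB_TRUNCATED = -1, CAB_BAD_MAGIC = -2,
       CAB_BAD_SIZE = -3, CAB_BAD_OFFSET = -4, CAB_BAD_COUNT = -5 };

/* Constructed sample: 36-byte CFHEADER, one CFFOLDER, one CFFILE (rest zero). */
static const uint8_t cab_sample[62] = {
    'M','S','C','F', 0,0,0,0, 62,0,0,0, 0,0,0,0, 44,0,0,0, 0,0,0,0,
    3,1, 1,0, 1,0, 0,0, 0,0, 0,0 };

static uint32_t rd16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }

/* Validate CFHEADER against the real buffer length before any field is
 * trusted. Returns CAB_OK or a negative error code. */
int cab_header_check(const uint8_t *buf, size_t len)
{
    if (len < 36) return CAB_TRUNCATED;            /* fixed part of CFHEADER */
    if (memcmp(buf, "MSCF", 4) != 0) return CAB_BAD_MAGIC;

    uint32_t cb_cabinet = rd32(buf + 8);           /* declared total size */
    uint32_t coff_files = rd32(buf + 16);          /* offset of first CFFILE */
    uint32_t n_folders = rd16(buf + 26), n_files = rd16(buf + 28);
    uint32_t flags = rd16(buf + 30);
    uint64_t hdr_end = 36, folder_extra = 0;

    if (cb_cabinet < 36 || cb_cabinet > len) return CAB_BAD_SIZE;
    if (flags & 0x0004) {                          /* cfhdrRESERVE_PRESENT */
        if (cb_cabinet < 40) return CAB_TRUNCATED;
        hdr_end = 40 + (uint64_t)rd16(buf + 36);   /* skip cbCFHeader bytes */
        folder_extra = buf[38];                    /* cbCFFolder per entry */
    }
    if (hdr_end > cb_cabinet) return CAB_TRUNCATED;
    /* Prev/next cabinet strings are not walked, so this is a lower bound. */
    uint64_t folders_end = hdr_end + (uint64_t)n_folders * (8 + folder_extra);
    if (coff_files < folders_end || coff_files >= cb_cabinet)
        return CAB_BAD_OFFSET;
    /* Each CFFILE is 16 bytes plus at least a 1-byte NUL-terminated name. */
    if ((uint64_t)coff_files + (uint64_t)n_files * 17 > cb_cabinet)
        return CAB_BAD_COUNT;
    return CAB_OK;
}

int main(void) { return cab_header_check(cab_sample, sizeof cab_sample) != CAB_OK; }
```

All arithmetic on attacker-controlled counts is done in 64 bits so that a large cFolders or cFiles value cannot wrap around and pass the comparison.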

* Affected Products *

Kaspersky Anti-Virus 4.x
Kaspersky Anti-Virus 5.x
Kaspersky SMTP-Gateway 5.x

* Solution *

The FrSIRT is not aware of any officially supplied patch for this issue.

* References *

http://www.frsirt.com/english/advisories/2005/1934
http://www.rem0te.com/public/images/kaspersky.pdf