
Kaspersky Anti-Virus Products Remote Heap Overflow Vulnerability

ino | 2005.10.04 15:20 | Views 1033
FrSIRT Advisory : FrSIRT/ADV-2005-1934
CVE Reference : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-10-03

* Technical Description *

A vulnerability has been identified in various Kaspersky Anti-Virus products, which could be exploited by attackers or malware to execute arbitrary commands. The flaw is a heap overflow in the CAB file format parser (cab.ppl), which does not properly handle a specially crafted file containing a malformed header. Attackers could exploit it to compromise a vulnerable system (e.g. by sending an email containing a malicious CAB file).

The issue has been reported in version 5.0.20.0 of the CAB scanning library (cab.ppl). Other versions may also be vulnerable.

* Affected Products *

Kaspersky Anti-Virus 4.x
Kaspersky Anti-Virus 5.x
Kaspersky SMTP-Gateway 5.x

* Solution *

The FrSIRT is not aware of any officially supplied patch for this issue.

* References *

http://www.frsirt.com/english/advisories/2005/1934
http://www.rem0te.com/public/images/kaspersky.pdf