The folks at Kaspersky have posted software updates for their anti-virus and internet security applications. There are several vulnerabilities that are addressed with this release.
From the advisory:
Kaspersky Antivirus ActiveX Unsafe Methods Vulnerability
This vulnerability allows remote attackers to download and remove any file on vulnerable versions of Kaspersky Anti-Virus. User interaction is required to exploit this vulnerability: the user must visit a webpage which takes advantage of this vulnerability. The specific flaw exists within the ActiveX controls in AxKLProd60.dll and AxKLSysInfo.dll
During installation of Maintenance Pack 2, the DLLs will be removed from the system.
Kaspersky Anti Virus SysInfo ActiveX Control Information Disclosure Vulnerability
The remote exploitation of the information disclosure vulnerability in Kaspersky Anti-Virus 6.0 could allow malicious websites to steal files from end user machine running Kaspersky Anti-Virus.
The SysInfo ActiveX control includes a method called StartUploading which allows malicious web scripts to perform an anonymous FTP transfer of any file the scripts identify on the victim’s machine. No dialogs, warnings or user action is required to perform the transfer.
During installation of Maintenance Pack 2, this DLL will be removed from system.
Kaspersky AV Library Remote Heap Overflow
This vulnerability affected systems which are running the Kaspersky Anti-Virus Engine. User interaction is not required to exploit this vulnerability.
The OnDemand Scanner incorrectly parses specially crafted ARJ archives inside the arj.ppl module. This results in a memory overrun. Most often the product simply crashes. The corruption potentially can be exploited to execute arbitrary code without user interaction. Any products using arj.ppl are vulnerable.klif.sys Heap Overflow Vulnerability
Locally executed code can write some special values into registry that hangs klif.sys driver, part of the proactive protection. The driver hooks and screens certain system calls, including registry functions. One of the hook functions is vulnerable to an integer overflow that leads to a kernel heap overflow. If a large unsigned value for the data size argument is passed an arithmetic overflow occurs when the amount of memory to allocate is calculated. A copy operation into this buffer causes a corruption of kernel page pool memory.KLIF Local Privilege Escalation Vulnerability
This vulnerability allows locally executed code to receive Ring-0 privileges through klif.sys unsafe code. User interaction is required to execute the code. The vulnerability is local and code should first appear on user’s computer.All these vulnerabilities have been fixed in the build 6.0.2. 614.
[tags]Kaspersky, Antivirus, Vulnerabilities[/tags]
