Kaspersky compromised by another security breach

Security researchers have uncovered another serious breach in Kaspersky's Anti-Virus Engine (KAV), while at the same time Computer Associates has warned of a serious unpatched bug in its iGateway software.

The Kaspersky bug, disclosed by iDefense, affects the component of KAV used to parse CHM files. In Linux versions of KAV, a corrupt CHM file can trigger a buffer overflow and allow malicious code execution, with no user interaction required. In Windows installations such a file only disables the virus scanner, but this could allow for further attacks by allowing malicious code to bypass security systems. Techworld.com - Kaspersky compromised by another security breach

Linked by shanmuga Wednesday, 12th October 2005 3:41AM