Kaspersky Software Flaw

A Kaspersky antivirus software flaw was announced by an independent researcher, and Kaspersky has issued the following statement,

There has recently been a wide-ranging discussion in the mass media about a report by Alex Wheeler, an independent researcher, that a vulnerability related to processing files of the CAB format has been discovered in Kaspersky Lab antivirus products. Taking into account the close attention of the computer community, Kaspersky Lab considers it necessary to provide official comments on the incident.

The company confirms the presence of a vulnerability in a Kaspersky Anti-Virus module used to process CAB files. Taking advantage of this vulnerability results in a malfunction of the antivirus program. This effect is present only in the Windows environment and does not affect other operating systems.

They also confirmed that they have created a signature file that will detect any exploits, and that they will update their software soon to fix the flaw. Read more here.

From News.com,

Kaspersky issued the statement in response to a report on Monday of a flaw in its antivirus library. An attacker could exploit the heap overflow vulnerability to commandeer systems that run Kaspersky’s products, security researcher Alex Wheeler wrote in an advisory (download PDF).

“The actual threat posed by the…vulnerability is minimal and cannot affect the level of antivirus protection provided by Kaspersky Lab products,” the company said in the statement.

Wheeler informed Kaspersky of the flaw around Sept. 24, said Stephen Orenberg, president of Kaspersky’s North American operations. After an initial investigation, Kaspersky provided updated antivirus signatures on Sept. 29 to protect customers against attacks exploiting the flaw, he said. A final fix is due Wednesday, Orenberg said.