Kaspersky products found with Remote Code Execution flaw

In News

A major remote code execution vulnerability has been discovered in products from Kaspersky Lab, which pushed out a patch to customers in early April. The flaw, called CVE-2019-8285 and assigned a CVSS score of 8.0, was reported to Kaspersky by a team called “Imaginary.” The experts found a way to remotely execute arbitrary code by exploiting a heap-based buffer overflow.

Researchers believe the attackers could have manipulated the flaw to execute an arbitrary code with SYSTEM privileges by scanning a specially crafted JavaScript file.

According to Kaspersky, software using antivirus databases have been impacted.

It is believed that the flaw existed in the company’s antivirus engine and several impacted versions of Kaspersky Antivirus have been listed.

 

Comments

You may also read!

du acknowledged as the Best MSSP in the Middle East

du, from Emirates Integrated Telecommunications Company (EITC), presented the Managed Security Service Provider, “Visionary of the Year” Award by

Read More...

Forcepoint recognizes its partners in the region

Leading cybersecurity firm, Forcepoint recognized its key channel partner during its partner event held recently in Dubai, which was

Read More...

Tenable research discovers download hijack vulnerability in Slack

Tenable Inc, the Cyber Exposure company, announced that its research team has discovered a vulnerability in the Slack Desktop

Read More...

Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu