Kaspersky products found with Remote Code Execution flaw

In News

A major remote code execution vulnerability has been discovered in products from Kaspersky Lab, which pushed out a patch to customers in early April. The flaw, called CVE-2019-8285 and assigned a CVSS score of 8.0, was reported to Kaspersky by a team called “Imaginary.” The experts found a way to remotely execute arbitrary code by exploiting a heap-based buffer overflow.

Researchers believe the attackers could have manipulated the flaw to execute an arbitrary code with SYSTEM privileges by scanning a specially crafted JavaScript file.

According to Kaspersky, software using antivirus databases have been impacted.

It is believed that the flaw existed in the company’s antivirus engine and several impacted versions of Kaspersky Antivirus have been listed.

 

Comments

You may also read!

Security vulnerability in Bluetooth puts iOS and Windows 10 devices at risk

In a research paper titled Tracking Anonymized Bluetooth Devices, researchers have revealed that a security flaw in Bluetooth communication

Read More...

Humans cause nine out of ten data breaches in the cloud

Incidents in public cloud infrastructure are more likely to happen because of a customer’s employees rather than actions carried

Read More...

FireEye expands Managed Defense MDR services

FireEye, the intelligence-led security company, today announced the availability of two new managed detection and response (MDR) service offerings

Read More...

Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu