Kaspersky falls through Online Scanner flaw

A flaw in Kaspersky's Online Scanner could be exploited by malicious hackers to compromise a user's system.

However, when vnunet.com first approached the security firm about the flaw, a spokesman said that he was "unaware of the problem" and that the company would issue a statement later.

A return call several hours later from Kaspersky's senior technology consultant, David Emm, produced a similar response.

"At the end of the day nothing is 100 percent secure and anything humans can write, humans can undermine," he said, before going on to discuss two separate vulnerabilities.

When www.vnunet.com pointed out that we were talking about a flaw in the company's online scanner found today, he stated that he had not seen the problem. "I'm on a client day at Alton Towers," he said.

After further consultation, Emm called back again to say that users were covered by the version currently on the Kaspersky website.

"The software that's up there is the latest version and is the fixed version," he said.

However, when asked whether this version will work if a user has the old version downloaded on their computer, Emm admitted that it would not.

"You will need to uninstall the one you had installed originally and install the latest version," he said.

When pressed as to whether Kaspersky will warn users about the situation, Emm said that it was "likely" but that he "cannot confirm it".

The vulnerability is caused by a format string error in the kavwebscan.CKAVWebScan ActiveX control, which users have to download before using the scanner.

This could be exploited to execute arbitrary code, for example when a user visits a malicious website.

Security firm Secunia rated the vulnerability in an advisory as 'highly critical'.

The problem affects version 5.0.93.1 and earlier, but can be fixed by updating to version 5.0.98.0.

The problem was discovered by Stephen Fewer of Harmony Security and reported via iDefense Labs.
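
Because the old control stays registered until it is uninstalled, a host can be checked for it directly. The following is an added example, not code from Kaspersky or from the advisory: it resolves the ProgID named above to its DLL and compares the file version against the two version numbers in this article. It assumes the DLL's file version tracks the product version and that the control is registered in the standard COM layout; the function name is hypothetical.

```powershell
# Added example. ProgID and version numbers are taken from the article;
# the function name and the registry lookup strategy are assumptions.
function Get-ScannerControlStatus {
    param(
        [string]$ProgId        = 'kavwebscan.CKAVWebScan',
        [version]$LastAffected = '5.0.93.1',
        [version]$FirstFixed   = '5.0.98.0'
    )

    # ProgID -> CLSID, using the standard COM registration layout.
    $progKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path -LiteralPath $progKey)) {
        return [pscustomobject]@{ Path = $null; Version = $null; Status = 'NotRegistered' }
    }
    $clsid = (Get-Item -LiteralPath $progKey).GetValue('')

    # A 32-bit control on 64-bit Windows is registered under WOW6432Node.
    $roots = 'Registry::HKEY_CLASSES_ROOT\CLSID',
             'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID'
    foreach ($root in $roots) {
        $srvKey = "$root\$clsid\InprocServer32"
        if (-not (Test-Path -LiteralPath $srvKey)) { continue }
        $raw = (Get-Item -LiteralPath $srvKey).GetValue('')
        if (-not $raw) { continue }
        $path = [Environment]::ExpandEnvironmentVariables($raw).Trim('"')
        if (-not (Test-Path -LiteralPath $path)) {
            # Registration left behind after the file was deleted by hand.
            [pscustomobject]@{ Path = $path; Version = $null; Status = 'RegisteredButFileMissing' }
            continue
        }
        # Assumption: the DLL file version matches the product version scheme.
        $fvi = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path)
        $ver = [version]("{0}.{1}.{2}.{3}" -f $fvi.FileMajorPart, $fvi.FileMinorPart,
                                              $fvi.FileBuildPart, $fvi.FilePrivatePart)
        if     ($ver -le $LastAffected) { $status = 'Affected' }
        elseif ($ver -ge $FirstFixed)   { $status = 'Fixed' }
        else                            { $status = 'Unknown' }  # article is silent on versions in between
        [pscustomobject]@{ Path = $path; Version = $ver; Status = $status }
    }
}

Get-ScannerControlStatus | Format-Table -AutoSize
```

A result of `Affected` means the control should be uninstalled and the current version installed in its place, as described above.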
Copyright ©v3.co.uk