A return call several hours later from Kaspersky's senior technology consultant, David Emm, produced a similar response.
"At the end of the day nothing is 100 percent secure and anything humans can write, humans can undermine," he said, before going on to discuss two separate vulnerabilities.
When www.vnunet.com pointed out that we were talking about a flaw in the company's online scanner found today, he stated that he has not seen the problem. "I'm on a client day at Alton Towers," he said.
After further consultation, Emm called back again to say that users were covered by the version currently on the Kaspersky website.
"The software that's up there is the latest version and is the fixed version, " he said.
However, when asked whether this version will work if a user has the old version downloaded on their computer, Emm admitted that it would not.
"You will need to uninstall the one you had installed originally and install the latest version," he said.
When pressed as to whether Kaspersky will warn users about the situation, Emm said that it was "likely" but that he "cannot confirm it".
The vulnerability is caused by a format string error in the kavwebscan.CKAVWebScan ActiveX control which users have to download before using the scanner.
This could be exploited to execute arbitrary code, for example when a user visits a malicious website.
Security firm Secunia rated the vulnerability in an advisory as 'highly critical'.
The problem affects versions 5.0.93.1 and previous versions, but can be fixed by updating to version 5.0.98.0.
The problem was discovered by Stephen Fewer of Harmony Security and reported via iDefense Labs.
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
