Kaspersky products found with Remote Code Execution flaw

In News

A major remote code execution vulnerability has been discovered in products from Kaspersky Lab, which pushed out a patch to customers in early April. The flaw, called CVE-2019-8285 and assigned a CVSS score of 8.0, was reported to Kaspersky by a team called “Imaginary.” The experts found a way to remotely execute arbitrary code by exploiting a heap-based buffer overflow.

Researchers believe the attackers could have manipulated the flaw to execute an arbitrary code with SYSTEM privileges by scanning a specially crafted JavaScript file.

According to Kaspersky, software using antivirus databases have been impacted.

It is believed that the flaw existed in the company’s antivirus engine and several impacted versions of Kaspersky Antivirus have been listed.

 

Comments

You may also read!

Kaspersky in partnership with Area9 Lyceum unveils Kaspersky Adaptive Online Training

Kaspersky has unveiled its new Kaspersky Adaptive Online Training, developed in partnership with Area9 Lyceum. The solution generates a

Read More...

SentinelOne chosen as the official cybersecurity provider to Aston Martin Lagonda

SentinelOne has been announced as the official cybersecurity provider to British luxury car manufacturer, Aston Martin Lagonda, deploying the

Read More...

Tenable ranked number one for device vulnerability management for 2019

Tenable, Inc. today announced that it has been ranked #1 for device vulnerability management for 2019 market share in

Read More...

Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu