RealTime IT News

Kaspersky Admits Antivirus Flaw

Following several weeks of speculation over a potentially serious flaw in its antivirus software, Kaspersky Labs has acknowledged the problem and said it plans to release a patch today.

The vulnerability, made public by independent researcher Alex Wheeler, could allow a hacker to take control of the popular antivirus software by sending a specially crafted CAB file, which crashes the antivirus application.

However, the lab said the vulnerability is limited to Microsoft Windows-based versions of its products.

This attack, once past the AV scanning engine, could be executed without user intervention. Although the flaw has been rated "critical" by some vulnerability testers, Kaspersky downplayed the threat.

"The actual threat posed by the vulnerability is minimal," Kaspersky said in a statement. The lab said it will release updates eliminating the vulnerability today and that they'll be available for installation using standard updating procedures.

After confirming the vulnerability, the Moscow-based vendor said in a statement, "Kaspersky Lab specialists have taken measures to eliminate the threat related to the CAB module vulnerability."

Kaspersky Labs said that it had previously altered the CAB files used in the software on Sept. 29 to reduce the threat.

No attempts to create and distribute such exploits have been recorded to date, the company said.

The products affected are Kaspersky Anti-Virus Personal, Pro 5.0, Anti-Virus 5.0 for Windows Workstations and Windows File Servers and Personal Security Suite 1.1.