- Joined
- Mar 5, 2002
- Messages
- 25,739
- Reaction score
- 1,204
An advisory has recently been published on rootkit.com regarding a vulnerability in KAV 7.0. Unfortunately, the authors of this material chose not to adhere to industry standard practice, and contact the vendor prior to disclosing vulnerability details. Although the authors claim that all attempts to inform Kaspersky Lab about this vulnerability were ignored, this is not the case: if we had been informed, this issue would have been addressed long ago.
The following products are vulnerable:
This vulnerability is classified as low risk because of its local nature: the user has to manually launch the exploit on his computer. Exploiting the vulnerability results in a critical system error (BSOD) but does not escalate privileges or provide a remote user with control over the computer.
A patch HAS be issued for this vulnerability. The patch will install itself automatically.
A reboot is required.
The following products are vulnerable:
- Kaspersky Internet Security 6.0/7.0
- Kaspersky Anti-Virus 6.0/7.0
- Kaspersky Anti-Virus for Windows Workstations 6.0
- Kaspersky Anti-Virus 6.0 for Windows Servers
- Windows NT
- Windows 2000
- Windows 2003 x86
- Windows XP x86
This vulnerability is classified as low risk because of its local nature: the user has to manually launch the exploit on his computer. Exploiting the vulnerability results in a critical system error (BSOD) but does not escalate privileges or provide a remote user with control over the computer.
A patch HAS be issued for this vulnerability. The patch will install itself automatically.
A reboot is required.