Kaspersky Anti-Virus Engine CHM File Parsing Overflow

2005-10-10T03:59:07
ID OSVDB:19912
Type osvdb
Reporter OSVDB
Modified 2005-10-10T03:59:07

Description

Vulnerability Description

A remote overflow exists in Kaspersky Anti-Virus. The Anti-Virus engine fails to perform proper bounds checking, resulting in a heap-based buffer overflow. With a specially crafted CHM file, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity.

Technical Description

According to the advisory, the heap-based buffer overflow does not affect Microsoft Windows platforms. However, once the engine has encountered a malformed CHM file, it fails to scan any files, allowing further arbitrary code to reach the target unscanned.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Kaspersky has released a signature update to address this vulnerability.


References:

Vendor URL: http://www.kaspersky.com/
Security Tracker: 1015030
Secunia Advisory ID: 17130
Other Advisory URL: http://www.idefense.com/application/poi/display?id=318&type=vulnerabilities
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0232.html
ISS X-Force ID: 22564
CVE-2005-3664
Bugtraq ID: 15054