Kaspersky Internet Security HTTPS Inspection Insecure Certificate Validation

A code execution vulnerability has been reported in Kaspersky Internet Security. This vulnerability is due to improper validation of a temporary certificate name. A remote, unauthenticated attacker can exploit this vulnerability by sending the user a crafted certificate, potentially leading to a...

Kaspersky AntiVirus - Certificate Handling Directory Traversal

Kaspersky AntiVirus - Certificate Handling Directory Traversal Source: https://code.google.com/p/google-security-research/issues/detail?id=539 When Kaspersky https inspection is enabled, temporary certificates are created in %PROGRAMDATA% for validation. I observed that the naming pattern is...