10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.563 Medium
EPSS
Percentile
97.7%
This vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of the Kaspersky Anti-Virus Engine. User interaction is not required to exploit this vulnerability. The specific flaw exists in the engineβs handling of the ARJ archive format. The Kaspersky engine copies data from scanned archives into an unchecked heap-based buffer. This results in heap corruption when a malformed ARJ archive is processed by an application that utilizes the engine. This corruption can be exploited to execute arbitrary code.