Kaspersky’s Online Scanner Flaw - Open Invitation to Hackers
Malicious hackers could easily exploit a vulnerability discovered in Kaspersky's Online Scanner to infect a user's machine. When Vnunet initially contacted the security company about the vulnerability, a representative maintained that he was "oblivious of the trouble" and that the firm would release a report shortly.
Kaspersky Lab's Online Virus Scanner is a free online service that lets a user check a computer for malware through the browser.
Remote exploitation of a format string flaw in Kaspersky Lab's Online Virus Scanner service could allow an attacker to execute arbitrary code in the security context of the affected user. The flaw is in the ActiveX control of Kaspersky's Online Virus Scanner.
To exploit the flaw, a remote attacker would have to induce the target to visit a malicious site; the code would then run in the security context of that user.
After Vnunet indicated that it was discussing a vulnerability in the firm's online scanner, which was detected on October 11, 2007, David Emm, a Senior Technology Consultant at Kaspersky, said that he had yet to check the matter, as reported by Vnunet on October 11, 2007.
Leading security company Secunia ranked the flaw as 'very serious' in an advisory.
The flaw affects version 18.104.22.168 and earlier versions, and can be fixed by updating to version 22.214.171.124.
Harmony Security's Stephen Fewer discovered the flaw, and it was disclosed by iDefense Labs.
Kaspersky was aware of the vulnerability in its online scanner and had released a fix on October 9, 2007, in spite of statements made by its employees to Vnunet.
Contrary to the comments made in the report, Kaspersky Lab was in fact aware of the problem and had released a communiqué on October 9, 2007 offering counsel [sic] to people, the representative said in a report.
In spite of this, the update was issued on the firm's official website under the header 'Kaspersky Lab declares the issue of the latest edition of its free Online Scanner by Kaspersky'.
The statement by Kaspersky Lab strongly advised all users of Kaspersky Online Scanner to install the latest version of the software.
» SPAMfighter News - 31-10-2007