Heap-based Buffer Overflow in Kaspersky Anti-Virus Engine and Related Products
CVE-2005-3664

Currently unrated

Key Information:

Vendor: kaspersky
Status: Kaspersky Anti-virus; Kaspersky Anti-virus Personal; F-secure Anti-virus
Vendor: CVE Published:; 18 November 2005

Summary

A heap-based buffer overflow exists within the Kaspersky Anti-Virus Engine, utilized in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50. This vulnerability allows remote attackers to execute arbitrary code by delivering a specially crafted CHM file. The flaw can be exploited to compromise system integrity and confidentiality, making it crucial for users of the affected products to apply necessary security patches and updates promptly.

References

http://secunia.com/advisories/17130

third-party-advisoryx_refsource_SECUNIA

http://www.osvdb.org/19913

vdb-entryx_refsource_OSVDB

http://www.idefense.com/application/poi/display?id=318&ty...

third-party-advisoryx_refsource_IDEFENSE

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 18, 2005
Vulnerability Reserved
Nov 18, 2005