Heap-Based Buffer Overflow in Kaspersky Lab Antivirus Engine
CVE-2019-8285

8.8HIGH

Key Information:

Vendor: Kaspersky
Status: Kaspersky Antivirus Engine
Vendor: CVE Published:; 8 May 2019

Summary

The Kaspersky Lab Antivirus Engine, prior to April 4, 2019, contains a heap-based buffer overflow vulnerability that may enable an attacker to execute arbitrary code on the affected system. This vulnerability arises from improper handling of memory operations, potentially leading to unauthorized access or control over the victim's machine. User systems running unpatched versions of the antivirus software are particularly at risk, and updating to the latest version is strongly recommended.

Affected Version(s)

Kaspersky Lab Antivirus Engine version before 04.apr.2019

References

https://support.kaspersky.com/vulnerability.aspx?el=12430...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/108284

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 8, 2019
Vulnerability Reserved
Feb 12, 2019