The Vulnerability Returns. Starring Kaspersky!

Let's make a quick analysis over the antivirus market currently available to all the Internet users. Symantec's Norton Antivirus, Kaspersky's Antivirus and McAfee's tool are the most powerful security utilities ever created. Symantec and McAfee were assaulted by numerous security flaws that made users' computers vulnerable to attacks, the two applications being brought in the spotlight several times. From the list I mentioned below, Kaspersky looks like the most secure tool but, I'm sorry that I must inform you that the utility is also vulnerable.

"Remote exploitation of a denial of service (DoS) vulnerability in Kaspersky Lab's Antivirus could allow an attacker to conduct a DoS attack on a targeted host. The antivirus engine is vulnerable to a DoS condition when processing an executable packed with UPX compression. Malformed compressed data causes the decompression routine to enter an infinite loop. Specifically, a negative data offset results in the same compressed data chunk being processed endlessly. If this attack is conducted against an e-mail gateway running Kaspersky, legitimate clients may be unable to send e-mail through the server," iDefense Labs sustained in a security advisory.

The exploitation of the security flaw is quite simple: the attack is conducted through an e-mail gateway and, once the hacker manages to enter the system, the vulnerability will cause maximum CPU usage while the computer will become unusable. Although the system owner isn't able to do much about it, the connected hacker can control all the functions of the computer using a simple remote connection. The affected versions of the application are Kaspersky Labs Antivirus Engine version 6.0.1.411 for Windows and 5.5-10 for Linux.

Kaspersky Labs sustained the security flaw was patched on February 7, 2007 using the auto-update feature implemented into all the products developed by the company. Kaspersky Antivirus was also tested by Softpedia and it is available as a free download on this link.