http://www.darkreading.com/endpoint/known-security-flaw-found-in-more-antivirus-products/d/d-id/1323480
By Kelly Jackson Higgins
Dark Reading
12/8/2015
Turns out a vulnerability discovered earlier this year in antivirus
software from AVG also was present in AV software products from Intel
McAfee and Kaspersky Lab.
The security bug -- which researchers at enSilo in March reported in AVG's
Internet Security 2015 build 5736 and virus database 8919 -- centers
around how the AV products in question allocate memory for read, write,
and execute purposes.
The AV products use "predictable" addresses that in turn could allow
malware to exploit vulnerable, out-of-date third-party Windows
applications for nefarious purposes. That effectively bypasses the AV
system and makes it easier for bad guys to exploit vulnerable browsers or
Adobe Reader, for example, to hack a Windows machine. enSilo today
disclosed that this fall, it found the flaw in Kaspersky Lab's Kaspersky
Total Security 2015 - 15.0.2.361 - kts15.0.2.361en_7342 and McAfee's Virus
Scan Enterprise version 8.8, including in its Anti Malware + Add-on
Modules, Scan Engine version (32 bit) 5700.7163, DAT version 7827.0000,
Buffer Overflow and Access Protection DAT version 659, after building its
own tool to test AV products for the flaw.
Both Kaspersky Lab and Intel McAfee have patched the flaw in their
respective products -- AVG fixed its bug just days after enSilo alerted
the company -- but enSilo says the vulnerability could well exist in other
software such as data leak prevention and performance monitoring products.
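
A defender-side check for the condition described above, as an added example that is not from the article or from enSilo's tool: given memory-region listings of one process taken across several launches, it reports private read-write-execute regions whose base address never changes. The listing format, the sample addresses and the function names are constructed for illustration.

```python
PAGE_EXECUTE_READWRITE = 0x40  # Windows protection constant: read + write + execute
MEM_PRIVATE = 0x20000          # Windows region type: private (not image/file backed)

# Constructed sample: "base size protect type" (hex) for the same process on
# three launches, in the shape a VirtualQueryEx walk could be dumped to.
SNAPSHOTS = {
    "run1": "00400000 12000 20 1000000\n02a10000 1000 04 20000\n"
            "5a000000 2000 40 20000\n7f3e0000 1000 40 20000",
    "run2": "00400000 12000 20 1000000\n031c0000 1000 04 20000\n"
            "5a000000 2000 40 20000\n7e950000 1000 40 20000",
    "run3": "00400000 12000 20 1000000\n02f70000 1000 04 20000\n"
            "5a000000 2000 40 20000\n7fa20000 1000 40 20000",
}

def parse_regions(text):
    """Yield (base, size, protect, mem_type) tuples from hex listing lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        yield tuple(int(f, 16) for f in fields)

def rwx_private(regions):
    """Map base -> size for private RWX regions (modifier bits such as
    PAGE_GUARD live above the low byte, so they are masked off)."""
    return {base: size for base, size, protect, mem_type in regions
            if (protect & 0xFF) == PAGE_EXECUTE_READWRITE
            and mem_type == MEM_PRIVATE}

def predictable_rwx(snapshots):
    """Return (fixed, moving): RWX bases present in every run with their
    size, and RWX bases that appeared in only some runs."""
    per_run = [rwx_private(parse_regions(t)) for t in snapshots.values()]
    if not per_run:
        return [], []
    in_all = set.intersection(*(set(r) for r in per_run))
    in_any = set.union(*(set(r) for r in per_run))
    fixed = sorted((base, per_run[0][base]) for base in in_all)
    return fixed, sorted(in_any - in_all)

if __name__ == "__main__":
    fixed, moving = predictable_rwx(SNAPSHOTS)
    for base, size in fixed:
        print(f"RWX at fixed address 0x{base:08x} ({size:#x} bytes) in all runs")
    print(f"{len(moving)} RWX base address(es) changed between runs")
```

A region in the `fixed` list is the case the article describes; one in `moving` is still writable and executable but is not at a constant address.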
[...]