----- Original Message ----- From: "Secunia Security Advisories" <[EMAIL PROTECTED]>
TITLE: Kaspersky Anti-Virus Zip Archive Virus Detection Bypass Vulnerability SECUNIA ADVISORY ID: SA12874 VERIFY ADVISORY: http://secunia.com/advisories/12874/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: >From remote SOFTWARE: Kaspersky Anti-Virus 4.x http://secunia.com/product/916/ Kaspersky Anti-Virus 5.x http://secunia.com/product/2781/ Kaspersky SMTP Gateway 5.x http://secunia.com/product/4100/ DESCRIPTION: A vulnerability has been reported in Kaspersky Anti-Virus, which can be exploited by malware to bypass certain scanning functionality. The vulnerability is caused due to an error when parsing .zip archive headers and can be exploited via a specially crafted .zip archive where the uncompressed size of the archived file has been modified within the local and global headers. Successful exploitation causes malware in a specially crafted .zip archive to pass the scanning functionality undetected. NOTE: This is not a critical issue on client systems, as the malware still is detected upon execution. SOLUTION: According to the vendor, a fix will be available in the next cumulative update for the 3.x and 4.x engines and in a maintence pack for the 5.0 engine. Filter all compressed file archives (.zip) at border gateways. ORIGINAL ADVISORY: http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
