- security News Forums
- > DoS vulnerability in Kaspersky products
- > Kaspersky Lab fixes vulnerability in the company’s antivirus products
Posting 
Kaspersky Lab fixes vulnerability in the company’s antivirus products 25 August 2009 11:13
Kaspersky Lab has closed a vulnerability that arose when parsing
specially formed URL addresses. Information about the vulnerability,
which results in a system error, was published on
http://securityreason.com on 19 August.
The DoS (Denial of Service) vulnerability reported by an independent
analyst was caused by a faulty signature. Kaspersky Internet Security
2010 and Kaspersky Anti-Virus 2010 were affected by the problem. When
parsing URL addresses formed in a certain way, including URLs in
email messages, CPU usage could reach 100% and block all web traffic.
There have been no reported instances of system failure caused by
this signature since it was included in antivirus databases. Had this
vulnerability been exploited by cybercriminals, nothing more serious
would have happened than the computer hanging.
The faulty signature was modified in the next database update on the
same day, which means the vulnerability has been completely removed.
The company is constantly perfecting its procedures for product
testing and releasing updates in order to prevent such errors from
occurring in future.
- Threaded View
- Flat View
