Kaspersky confirm and close DoS vulnerability
The recently reported vulnerability to malformed URLs which could cause a denial of service with Kaspersky products has been closed. According to a statement from Kaspersky, the problem was caused by a faulty signature in Kaspersky Internet Security 2010 and Kaspersky Anti-Virus 2010 – "When parsing URL addresses formed in a certain way, including URLs in email messages, CPU usage could reach 100 per cent and block all web traffic."
The company has already corrected the faulty signature in a database update and says that it had no reported instances of system failure caused by the error while it was present in the database. It goes on to say that "had this vulnerability been exploited by cybercriminals, nothing more serious would have happened than the computer hanging" but that it is "constantly perfecting" its quality assurance processes.