Last week the company was informed of the vulnerability buffer Overflow which affected antivirus products in 2015 and 2016 and released a patch within 24 hours to address the issue.
Ο Tavis Ormandy he stood on twitter on September 5 one screenshot in relation to exploit showing his window computer to run behind the process antivirus of Kaspersky Lab . An ordinary method used for success exploit code execution is the opening tracing.exe from a different process.
It simply means that if an application contains a hole that allows an attacker to perform tracing.exe, the application can be used as a platform to run malicious code.
Her representative Kaspersky Lab, said the vulnerability was a buffer overflow and corrected within 24 hours after reporting. The correction was distributed to all customers with an automatic update.
On 7 September, Ormandy, again on his twitter, had sent some more vulnerabilities to investigate Kaspersky Lab, although there was still no information about it exploitability their.
How useful was this post?
Average rating / 5. Vote count:
No votes so far! Be the first to rate this post.