Kaspersky Lab has been hit by a security bug affecting a wide range of its anti-virus products. The bug isn't limited to a particular platform, and can be exploited through several common protocols to take over a protected system.
Separately, security vendors warned that exploit code has begun circulating publicly for an unpatched flaw in Microsoft Office that was first disclosed in April. The exploit makes it easier for attackers to take advantage of the hole, which, like the Kaspersky flaw, could allow attackers to take over a system.
The Kaspersky flaw is in an Anti-virus Library used to parse CAB files. It could be exploited via protocols such as SMTP, SMB, HTTP and FTP, according to an advisory from Alex Wheeler, who discovered the flaw.
The problem has been confirmed in version 22.214.171.124 of the CAB scanning library, and probably affects other versions as well, security researchers said. The products affected include Kaspersky Anti-Virus 4.x, Kaspersky Anti-Virus 5.x and Kaspersky SMTP-Gateway 5.x.
Kaspersky Labs on Tuesday confirmed that its anti-virus scanning engine was flawed, and said it was working on a fix. The Moscow-based security vendor also said a stop-gap measure, signatures for its software that will detect possible exploits, is already in place.