Anti-virus vendor Kaspersky Lab has confirmed that it has a potentially serious flaw in its software, but says the actual threat is minimal.
In a statement issued yesterday, Kaspersky said there was a vulnerability in a Kaspersky Anti-Virus module used to process CAB files.
"Taking advantage of this vulnerability results in a malfunction of the anti-virus program. This effect is present only in the Windows environment and does not affect other operating systems," the statement said.
The firm said its specialists have taken measures to eliminate the threat related to the CAB module vulnerability.
"On receiving the relevant data, the virus analyst team within a short time period created a package of signatures that detect possible exploits of this vulnerability. This set of signatures was added to the anti-virus databases of Kaspersky Anti-Virus on 29 September, significantly reducing the chances of successful use of the CAB vulnerability exploits."
In addition, the firm said, it is developing an emergency update of the products which include the CAB module affected by the vulnerability.
The revised list of such products includes Kaspersky Anti-Virus Personal 5.0, Kaspersky Anti-Virus Personal Pro 5.0, Kaspersky Anti-Virus 5.0 for Windows Workstations, Kaspersky Anti-Virus 5.0 for Windows File Servers and Kaspersky Personal Security Suite 1.1.
Version 4.5 of Kaspersky's anti-virus product is not affected by the vulnerability.
The updates will be available late tomorrow.
Kaspersky assured that the threat posed by the CAB vulnerability is minimal.
Share
