Imaginary specialists have reported a security issue in the Kaspersky Lab engine. The company says that the vulnerability allows for a buffer overflow, thereby creating the potential for arbitrary code execution. The mentioned vulnerability was identified by experts as CVE-2019-8285. The problem concerns versions of the Kaspersky Lab anti-virus engine that were released before April 4, 2019.
Experts say that a vulnerability in the anti-virus engine, which is used in Kaspersky Lab's software solutions, allows buffer overflows due to the inability to correctly check the boundaries of user data. It is also reported that this vulnerability could be used by attackers to execute arbitrary code in the context of an application on a target computer. It is assumed that the feature of the vulnerability allows attackers to cause a denial of service, but this has not been proven in practice.
Kaspersky Lab has published data describing the previously mentioned problem CVE-2019-8285. The report states that the vulnerability allows third parties to execute arbitrary code on attacked user computers with system privileges. It is also reported that a patch was released on April 4, which allowed to fully solve the problem. Kaspersky Lab believes that memory corruption may be the result of scanning a JS file, which will allow attackers to execute arbitrary code on the attacked computer.
Source: 3dnews.ru