Allele Security Alert
Heap-based buffer overflow during JS file scan
Vulnerable: Kaspersky Antivirus with antivirus databases released prior to 4th April, 2019
Fixed: Kaspersky Antivirus with antivirus databases released on 4th April, 2019 and later
Proof of concept
Kaspersky Lab has fixed a security issue, CVE-2019-8285, in its products that could potentially allow third parties to remotely execute arbitrary code on a user’s PC with system privileges. The security fix was deployed to Kaspersky Lab customers on 4th April, 2019 through a product update.
This issue was classified as a heap-based buffer overflow vulnerability. Memory corruption during a JS file scan could lead to execution of arbitrary code on a user machine.
Advisory issued on 8th May, 2019
If there is any error in this alert or you would like a comprehensive analysis, let us know.
Last modified: May 13, 2019