Allele Security Alert
ASA-2019-00264
Identifier(s)
ASA-2019-00264, CVE-2019-8285
Title
Heap-based buffer overflow during JS file scan
Vendor(s)
Kaspersky Lab
Product(s)
Kaspersky Antivirus
Affected version(s)
Kaspersky Antivirus with antivirus databases released prior to 4th April, 2019
Fixed version(s)
Kaspersky Antivirus with antivirus databases released on 4th April, 2019 and later
Proof of concept
Unknown
Description
Kaspersky Lab has fixed a security issue, CVE-2019-8285, in its products that could potentially allow third parties to remotely execute arbitrary code on a user’s PC with system privileges. The security fix was deployed to Kaspersky Lab customers on 4th April, 2019 through a product update.
This issue was classified as a heap-based buffer overflow vulnerability. Memory corruption during a JS file scan could lead to execution of arbitrary code on a user's machine.
Technical details
Unknown
Credits
Imaginary team
Reference(s)
Advisory issued on 8th May, 2019
https://support.kaspersky.com/vulnerability.aspx?el=12430#080519
CVE-2019-8285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8285
CVE-2019-8285
https://nvd.nist.gov/vuln/detail/CVE-2019-8285
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: May 13, 2019