ASA-2019-00264 – Kaspersky: Heap-based buffer overflow during JS file scan


Allele Security Alert

ASA-2019-00264

Identifier(s)

ASA-2019-00264, CVE-2019-8285

Title

Heap-based buffer overflow during JS file scan

Vendor(s)

Kaspersky Lab

Product(s)

Kaspersky Antivirus

Affected version(s)

Kaspersky Antivirus with antivirus databases released prior to 4th April, 2019

Fixed version(s)

Kaspersky Antivirus with antivirus databases released on 4th April, 2019 and later

Proof of concept

Unknown

Description

Kaspersky Lab has fixed a security issue CVE-2019-8285 in its products that could potentially allow third-parties to remotely execute arbitrary code on a user’s PC with system privileges. The security fix was deployed to Kaspersky Lab customers on 4th April, 2019 through a product update.

This issue was classified as heap-based buffer overflow vulnerability. Memory corruption during JS file scan could lead to execution of arbitrary code on a user machine.

Technical details

Unknown

Credits

Imaginary team

Reference(s)

Advisory issued on 8th May, 2019
https://support.kaspersky.com/vulnerability.aspx?el=12430#080519

CVE-2019-8285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8285

CVE-2019-8285
https://nvd.nist.gov/vuln/detail/CVE-2019-8285

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: May 13, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.