Kaspersky Bug Fix En Route

Friday, March 8, 2013 @ 04:03 PM gHale


There is a vulnerability in Kaspersky Internet Security 2013 that could end up exploited to remotely freeze a computer, a security researcher said.

“If IPv6 connectivity to a victim is possible (which is always the case on local networks), a fragmented packet with multiple but one large extension header leads to a complete freeze of the operating system,” said researcher Marc Heuse in a blog post. “No log message or warning window is generated, nor is the system able to perform any task.”

RELATED STORIES
Spear Phishing Takes it Up a Notch
APT Disconnect Means Poor Defense
‘Trust’ Risk Losses Soaring
Attacks Spreading to Other Industries

Heuse said he alerted Kaspersky of the bug on two occasions, but he hasn’t received any response. As a result, he has published a proof-of-concept for the attack.

Kaspersky officials confirm the existence of an issue in one of their system drivers. They said a private patch is available on demand and an autopatch will release soon.

“Although Kaspersky Lab acknowledges the issue, it would like to stress that there was no threat of malicious activity affecting the PCs of any users who may have experienced this rare problem,” Kaspersky said in a statement.



Leave a Reply

You must be logged in to post a comment.