卡巴斯基反病毒產品出現多個易受到攻擊的弱點 請升級到6.0.2.614 以後版本

蓝色牛仔裤

卡巴斯基反病毒產品出現多個易受到攻擊的弱點 請升級到6.0.2.614 以後版本
Secunia Advisory:  SA24778   
Release Date:  2007-04-05
Critical:  Highly critical  。
Impact:  Privilege escalation，DoS，System access，
Exposure of sensitive information，
Exposure of system information。
Where:  From remote。
Solution Status:  Vendor Patch  。

Description:
Some vulnerabilities have been reported in various Kaspersky products,which can be exploited by malicious, local users to gain escalatedprivileges and by malicious people to gain knowledge of sensitiveinformation, cause a DoS (Denial of Service), and potentiallycompromise a user's system.

1) Unsafe methods (e.g. the "StartUploading()" method) in theAxKLSysInfo.dll and AxKLProd60.dll ActiveX controls can be exploited bymalicious websites to remove and retrieve arbitrary files from a user'ssystem.

2) An integer overflow error in klif.sys within the hook function forthe "_NtSetValueKey()" function can be exploited to cause a heap-basedbuffer overflow and potentially execute arbitrary code with escalatedprivileges.

3) An unspecified error in klif.sys can be exploited by malicious, local users to execute arbitrary code with Ring-0 privileges.

4) A boundary error in the arj.ppl module of the OnDemand Scanner canbe exploited to cause a heap-based buffer overflow when scanning aspecially crafted ARJ archive.

Solution:
Update to version 6.0.2.614 or later.

Secunia安全咨询公司4月5号发布卡巴斯基反病毒产品有多个易受到攻击的弱点，升级到6.0.2.614 以后版本可以解决这些问题。
受到影响的产品版本包括：
Software: Kaspersky Anti-Virus 4.x
Kaspersky Anti-Virus 5.x
Kaspersky Anti-Virus 6.x
Kaspersky Internet Security 6.x

具体内容请浏览Secunia安全咨询公司相关网页：
http://secunia.com/advisories/24778/

ssay

看不懂E文，不过已经在用621了

onlyboy

跟着卡巴升级走，还是比较安全啊。

lylyly

你用着怎么样

sunyson

621用上去还不错啊~~~
哇哈哈哈

zfznbic

呵呵。本人也用621版本了。。楼主的签名很不错。。。加油哦。。。

caolizhen

还是用307，不想换了，懒。。反正没什么问题，没人会攻击我吧，我电脑又不是白宫的

Allko

一直在用307 看过各位说了好多其他版的好处 心痒痒啊

xiaowangzi

谢谢楼主提醒

这些漏洞是不是问题很严重呢????