Information Security News mailing list archives

Known Security Flaw Found In More Antivirus Products


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 9 Dec 2015 10:19:07 +0000 (UTC)

http://www.darkreading.com/endpoint/known-security-flaw-found-in-more-antivirus-products/d/d-id/1323480

By Kelly Jackson Higgins
Dark Reading
12/8/2015

Turns out a vulnerability discovered earlier this year in antivirus software from AVG also was present in AV software products from Intel McAfee and Kaspersky Lab.

The security bug -- which researchers at enSilo in March reported in AVG's Internet Security 2015 build 5736 and virus database 8919 -- centers around how the AV products in question allocate memory for read, write, and execute purposes.

The AV products use "predictable" addresses that in turn could allow malware to exploit vulnerable, out-of-date third-party Windows applications for nefarious purposes. That effectively bypasses the AV system and makes it easier for bad guys to exploit vulnerable browsers or Adobe Reader, for example, to hack a Windows machine. enSilo today disclosed that this fall, it found the flaw in Kaspersky Lab's Kaspersky Total Security 2015 - 15.0.2.361 - kts15.0.2.361en_7342 and McAfee's Virus Scan Enterprise version 8.8, including in its Anti Malware + Add-on Modules, Scan Engine version (32 bit) 5700.7163, DAT version 7827.0000, Buffer Overflow and Access Protection DAT version 659, after building its own tool to test AV products for the flaw.

Both Kaspersky Lab and Intel McAfee have patched the flaw in their respective products -- AVG fixed its bug just days after enSilo alerted the company -- but enSilo says the vulnerability could well exist in other software such as data leak prevention and performance monitoring products.

[...]



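A defender-side check for the condition the article describes (read/write/execute memory at a predictable address), added here as an example; it is not enSilo's tool and not part of the original article. It assumes the allocation appears at the same base address in every process it is mapped into, and the process names, addresses and snapshot layout are constructed sample data modelled on the fields a VirtualQueryEx region walk reports.

```python
from collections import defaultdict

PAGE_EXECUTE_READWRITE = 0x40  # Windows memory-protection constant (RWX)

# Constructed sample data: (process, base address, region size, protection).
# These are the per-region fields a VirtualQueryEx walk returns; the values
# are made up for the example and describe no real product.
SNAPSHOT = [
    ("browser.exe", 0x5A000000, 0x1000, 0x40),
    ("reader.exe",  0x5A000000, 0x1000, 0x40),
    ("mail.exe",    0x5A000000, 0x1000, 0x40),
    ("browser.exe", 0x02C10000, 0x2000, 0x40),  # RWX, but address differs per process
    ("reader.exe",  0x03F40000, 0x2000, 0x40),
    ("browser.exe", 0x77000000, 0x8000, 0x20),  # PAGE_EXECUTE_READ: not writable
    ("reader.exe",  0x77000000, 0x8000, 0x20),
]


def predictable_rwx(snapshot, min_processes=2):
    """Return {base_address: sorted process names} for RWX regions found at
    the same base address in at least `min_processes` distinct processes."""
    seen = defaultdict(set)
    for proc, base, _size, protect in snapshot:
        # Low byte holds the base protection; higher bits are modifiers
        # such as PAGE_GUARD (0x100) and must not hide an RWX page.
        if protect & 0xFF == PAGE_EXECUTE_READWRITE:
            seen[base].add(proc)
    return {
        base: sorted(procs)
        for base, procs in seen.items()
        if len(procs) >= min_processes
    }


if __name__ == "__main__":
    for base, procs in sorted(predictable_rwx(SNAPSHOT).items()):
        print(f"RWX region at fixed address {base:#010x} in: {', '.join(procs)}")
```

An RWX region that varies in address from process to process (the 0x02C10000 and 0x03F40000 entries) is not reported; only the one that recurs at a constant address is.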

