iDefense has disclosed two vulnerabilities in Kaspersky security products.
There is a heap overflow vulnerability in Kaspersky Internet Security Suite. This vulnerability allows remote code execution.
Kaspersky’s response is here.
An information disclosure vulnerability has been discovered in Kaspersky Antivirus (version 6). This vulnerability could allow malicious Web sites to obtain files from a user’s computer. The danger is that no dialog or warning window is shown when a malicious script starts a file transfer.
Kaspersky’s response for this vulnerability is here.
Kaspersky users are advised to install Maintenance Pack 2 to patch these vulnerabilities.
NOTE: Remote code execution occurs when an outsider is able to execute a program on a remote computer through holes in that computer, either vulnerabilities or backdoors. Information disclosure occurs when a vulnerable application allows an outsider to obtain or steal information.