Path traversal flaw reported in Kaspersky Anti-Virus

Kaspersky Anti-Virus reportedly has a Path traversal flaw.
Kaspersky Anti-Virus reportedly has a Path traversal flaw.
A path traversal flaw recently reported in Kaspersky Anti-Virus can enable a remote user to view files on a target system, according to Security Tracker.

When users key into the software's virtual keyboard, it does not properly validate their input, the researchers claim. This enables a remote user to create specially crafted HTML that, once it is downloaded by the target user, will bring up the virtual keyboard. At this point the attacker can view files on the victim's system.

"A specially crafted GetGraphics() call with an input value containing directory traversal characters can trigger this flaw," Security Tracker said.

The advisory is available here.


You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS