Path traversal flaw reported in Kaspersky Anti-Virus

A path traversal flaw recently reported in Kaspersky Anti-Virus can enable a remote user to view files on a target system, according to Security Tracker.

When users key into the software's virtual keyboard, it does not properly validate their input, the researchers claim. This enables a remote user to create specially crafted HTML that, once it is downloaded by the target user, will bring up the virtual keyboard. At this point the attacker can view files on the victim's system.

"A specially crafted GetGraphics() call with an input value containing directory traversal characters can trigger this flaw," Security Tracker said.

The advisory is available here.
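
As a defensive illustration of the flaw class described above, the following added example (not code from Kaspersky, Security Tracker or the original article) validates a resource name before it is mapped to a file. The function `resolve_graphic`, the allow-list pattern, the `graphics` directory and all sample inputs are assumptions constructed for the example.

```python
import os
import re
import tempfile

# Hypothetical allow-list: a bare file name with a known image extension.
_SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.(png|gif|bmp)")


def resolve_graphic(base_dir, name):
    """Return the real path of `name` inside `base_dir`, or raise ValueError."""
    # 1. Allow-list the name. Separators ('/' and '\'), '..', drive letters,
    #    NUL bytes and percent-encoded sequences cannot match this pattern.
    if not _SAFE_NAME.fullmatch(name):
        raise ValueError("rejected resource name: %r" % name)
    # 2. Canonicalise and confirm containment. This also catches a symlink
    #    inside base_dir that points somewhere else.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("resolved path escapes the resource directory")
    return target


def check_samples():
    """Run constructed sample names; return {name: True if accepted}."""
    samples = ["key_a.png", "../secret.txt", "..\\..\\secret.txt",
               "%2e%2e/secret.txt", "/secret.txt", "link.png"]
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "graphics")
        os.mkdir(base)
        secret = os.path.join(root, "secret.txt")
        with open(secret, "w") as fh:
            fh.write("constructed sample file outside the resource directory")
        # A well-formed name that resolves outside base_dir via a symlink.
        os.symlink(secret, os.path.join(base, "link.png"))
        for name in samples:
            try:
                resolve_graphic(base, name)
                results[name] = True
            except ValueError:
                results[name] = False
    return results


if __name__ == "__main__":
    for name, ok in check_samples().items():
        print("%-22r %s" % (name, "accepted" if ok else "rejected"))
```

The allow-list alone rejects the traversal strings; the containment check is what rejects `link.png`, whose name is well formed but whose real path lies outside the resource directory.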