Kaspersky Lab has been hit by a security bug affecting a wide range of its anti-virus products. The bug isn't limited to a particular platform, and can be exploited through several common protocols to take over a protected system.
Separately, security vendors warned that exploit code has begun circulating publicly for an unpatched flaw in Microsoft Office that was first disclosed in April. The exploit makes it easier for attackers to take advantage of the hole, which, like the Kaspersky flaw, could allow attackers to take over a system.
Meanwhile, Cisco is touting a new system designed to offer quick fixes for new vulnerabilities 15 minutes after the security community discovers them.
The Kaspersky flaw is in an Anti-virus Library used to parse CAB files. It could be exploited via protocols such as SMTP, SMB, HTTP and FTP, according to an advisory from Alex Wheeler, who discovered the flaw.
The problem has been confirmed in version 184.108.40.206 of the CAB scanning library, and probably affects other versions as well, security researchers said. The products affected include Kaspersky Anti-Virus 4.x, Kaspersky Anti-Virus 5.x and Kaspersky SMTP-Gateway 5.x.
"Due to the library?s OS-independent design and core functionality, it is likely this vulnerability affects a substantial portion of Kaspersky?s gateway, server, and client anti-virus enabled product lines on most platforms," Wheeler said in the advisory.
No official patch is yet available, according to researchers. FrSIRT, the French Security Incident Response Team, said the flaw was "critical".
The Office exploit is circulating as a Microsoft Access file, which, when run, can take over a system. Microsoft said it is aware of the flaw and is considering issuing a patch. The bug is a memory handling error in the Microsoft Jet Database Engine and can be triggered by parsing database files, according to security vendor Secunia.
Cisco is better known as the dominant enterprise networking company, but has launched an Incident Control System (ICS) linked to Trend Micro's TrendLabs research service.
Cisco's ICS appliance, to be available this month, will get a quick policy-based fix for newly discovered vulnerabilities and attacks within 15 minutes of their detection by TrendLabs, Cisco said. A more fine-tuned fix is to be distributed after 90 minutes.
Cisco said it will first roll out the appliance in manual mode, allowing administrators to choose whether to implement any given quick-fix. Some policy changes could disrupt corporate networks by, for example, blocking important ports, Cisco said.
On Wednesday, security researchers warned that a similarly critical hole had cropped up in Symantec Antivirus Scan Engine. A bug in the handling of malformed HTTP requests could allow attackers to execute malicious code and take over a system, according to iDefense. Versions of the Scan Engine before 4.3.12 are affected.