First published: Fri Apr 01 2022(Updated: )
Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).
Credit: vulnerability@kaspersky.com
Affected Software | Affected Version | How to fix |
---|---|---|
Kaspersky Anti-Virus | <12.03.2022 | |
Kaspersky Endpoint Security | <12.03.2022 | |
Kaspersky Internet Security | <12.03.2022 | |
Kaspersky Security Cloud | <12.03.2022 | |
Kaspersky Small Office Security | <12.03.2022 | |
Kaspersky Total Security | <12.03.2022 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this issue is CVE-2022-27534.
Kaspersky Anti-Virus, Kaspersky Endpoint Security, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Small Office Security, and Kaspersky Total Security are affected by this vulnerability.
The severity rating of CVE-2022-27534 is critical with a score of 9.8.
An attacker can potentially execute arbitrary code by exploiting this vulnerability.
The fix for this vulnerability was delivered automatically, so make sure to update your Kaspersky Anti-Virus or Kaspersky Endpoint Security to the latest version.