刚刚从安全站点"FrSIRT"看到的消息....以下是原文:

CVE Reference : GENERIC-MAP-NOMATCH
Rated as : Critical // 漏洞等级：严重
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-10-03

 * Technical Description * //漏洞描述

A critical vulnerability has been identified in various Kaspersky Anti-Virus products, which could be exploited by attackers or malware to execute arbitrary commands. This issue is due to a heap overflow error in the CAB file format parser that does not properly handle a specially crafted file containing a malformed header, which could be exploited by attackers to execute arbitrary commands and compromise a vulnerable system (e.g. by sending an email containing a malicious CAB file).  //大意是程序对cab包文件处理的不严格,可能被执行恶意代码.

 * Affected Products *  //受影响的版本

Kaspersky Anti-Virus 4.x
Kaspersky Anti-Virus 5.x
Kaspersky SMTP-Gateway 5.x

 * Solution * //暂无补丁

The FrSIRT is not aware of any official supplied patch for this issue.

2005-10-03 : Original Advisory