CVE-2007-1281

Name of the Vulnerable Software and Affected Versions Kaspersky AntiVirus Engine versions 6.0.1.411 for Windows and 5.5-10 for Linux

Description The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by utilizing a crafted UPX compressed file. This file has a negative offset, which triggers an infinite loop during the decompression process.

Recommendations For Kaspersky AntiVirus Engine version 6.0.1.411 on Windows, consider disabling the handling of UPX compressed files until a patch is available. For Kaspersky AntiVirus Engine versions 5.5-10 on Linux, restrict access to the decompression functionality to minimize the risk of exploitation.