CVE-2005-3664

Name of the Vulnerable Software and Affected Versions Kaspersky Anti-Virus Engine versions 5.0.227 and earlier Kaspersky Personal version 5.0.227 Anti-Virus On-Demand Scanner for Linux version 5.0.5 F-Secure Anti-Virus for Linux version 4.50

Description The issue is related to a heap-based buffer overflow that can be triggered by a crafted CHM file, allowing remote attackers to execute arbitrary code. This is due to the Anti-Virus engine's failure to perform proper bounds checking. The result is a loss of integrity.

Recommendations For Kaspersky Anti-Virus Engine version 5.0.227, update to a version that includes proper bounds checking to prevent the heap-based buffer overflow. For Kaspersky Personal version 5.0.227, consider disabling the handling of CHM files until a patch is available. For Anti-Virus On-Demand Scanner for Linux version 5.0.5, restrict access to the Anti-Virus engine to minimize the risk of exploitation. For F-Secure Anti-Virus for Linux version 4.50, avoid using the Anti-Virus engine with untrusted CHM files until the issue is resolved.