Name of the Vulnerable Software and Affected Versions: Kaspersky Anti-Virus (affected versions not specified) Kaspersky Internet Security (affected versions not specified) Kaspersky Total Security (affected versions not specified) Kaspersky Small Office Security (affected versions not specified) Kaspersky Security Cloud (affected versions not specified)

Description: The issue is related to errors in handling symbolic links in the Browser Configuration Wizard component of Kaspersky antivirus products. Exploitation of this issue may allow an attacker to delete arbitrary files in the system using a reparse point.

Recommendations: For Kaspersky Anti-Virus, update to a version that includes a fix for the symbolic link handling error. For Kaspersky Internet Security, update to a version that includes a fix for the symbolic link handling error. For Kaspersky Total Security, update to a version that includes a fix for the symbolic link handling error. For Kaspersky Small Office Security, update to a version that includes a fix for the symbolic link handling error. For Kaspersky Security Cloud, update to a version that includes a fix for the symbolic link handling error. As a temporary workaround, consider restricting access to the Browser Configuration Wizard component until a patch is available.