Kaspersky Internet Security la mot bo tien ich bao gom cac
cong cu antivirus, anti-spam, va mot tuong lua manh co the bao ve may tinh chong
lai su tan cong tu Internet.
Tuy nhien, bo san pham nay khong con an toan nhu nhung nguoi su dung van trong
doi nua, vi no hien mac mot loi bao mat cho phep ke tan cong kiem soat he thong
bi lay nhiem. Mot bao cao moi day da cho chung ta biet ve mot lo hong duoc tim
thay trong Kaspersky Internet Security co the lam dung hoat dong bao ve he thong
va tao dieu kien cho hacker chay cac file doc voi cac dac quyen cua admin.
“Trinh dieu khien klif.sys la mot phan trong he thong bao ve “anti-hacker”
tien phong. Trinh dieu khien nay ket noi va kiem tra cac tin hieu he thong, vi
du nhu cac chuc nang dang ky. Chuc nang ket noi cua ham _NtSetValueKey co the
mac loi “tran bo nho so nguyen” (integer overflow) dan den “tran bo dem nhieu
lop cua nhan” (kernel heap overflow).
 Viec
bo qua mot luong lon gia tri khong duoc danh dau cua doi so kich co du lieu
trong khi tinh toan dung luong bo nho phan bo se dan den “tran bo nho so hoc”
(arithmetic overflow). Thuc hien thao tac copy vao bo dem (bo nho trung gian)
nay se gay ra vung nho dem.
Loi nay duoc xac nhan trong phien ban 6.0.1.411 cua bo Kaspersky Security
Internet nhung co the no cung co anh huong toi cac phien ban truoc do cua ung
dung nay. Neu ban khong muon bi khai thac lo hong nay, thi nen cap nhat
phien ban moi nhat cua san pham.
Truoc day, cac chuong trinh cua Kaspersky Labs cung da gap phai cac truc trac
tuong tu nhung mot so da nhanh chong duoc cong ty sua chua kip thoi. Vi du dien
hinh nhat la vu viec Kaspersky Antivirus ngan khong cho nguoi su dung cap nhat
san pham va khien cho may tinh bi so ho truoc nhung moi de doa tu Internet.
Theo SoftpediaNews, VTC
Article source http://w4rum.com/1243.t
| 