The company confirms the presence of a vulnerability in a Kaspersky Anti-Virus module used to process CAB files. Taking advantage of this vulnerability results in a malfunction of the antivirus program. This effect is present only in the Windows environment and does not affect other operating systems.

At the same time, Kaspersky Lab specialists have taken measures to eliminate the threat related to the CAB module vulnerability. First of all, on receiving the relevant data, the virus analyst team within a short time period created a package of signatures that detect possible exploits of this vulnerability (procedures that use the vulnerability to compromise a computer). This set of signatures was added to the antivirus databases of Kaspersky Anti-Virus on September 29, significantly reducing the chances of successful use of the CAB vulnerability exploits.

Kaspersky Lab experts are currently developing an emergency update of the company’s antivirus products which include the CAB module affected by the vulnerability. The revised list of such products includes: Kaspersky Anti-Virus Personal 5.0, Kaspersky Anti-Virus Personal Pro 5.0, Kaspersky Anti-Virus 5.0 for Windows Workstations, Kaspersky Anti-Virus 5.0 for Windows File Servers, Kaspersky Personal Security Suite 1.1. Importantly, version 4.5 of Kaspersky Lab’s antivirus products is not affected by the vulnerability.

Updates eliminating the CAB vulnerability for all the programs listed above will be released on Wednesday, October 5th, 2005 and will be available for installation using standard updating procedures.