Vulnerability Description
Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kaspersky | Anti-Virus | < 12.03.2022 |
| Kaspersky | Endpoint Security | < 12.03.2022 |
| Kaspersky | Internet Security | < 12.03.2022 |
| Kaspersky | Security Cloud | < 12.03.2022 |
| Kaspersky | Small Office Security | < 12.03.2022 |
| Kaspersky | Total Security | < 12.03.2022 |
References
- https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2Broken Link
- https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2Broken Link
FAQ
What is CVE-2022-27534?
CVE-2022-27534 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to...
How severe is CVE-2022-27534?
CVE-2022-27534 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-27534?
Check the references section above for vendor advisories and patch information. Affected products include: Kaspersky Anti-Virus, Kaspersky Endpoint Security, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Small Office Security.