卡巴斯基实验室就漏洞作出回应

卡巴斯基实验室在其官方网站上发表申明，就rootkit.com关于“卡巴斯基6.0/7.0通用漏洞，Guest用户即可使系统崩溃”作出回应。

原文如下：

An advisory has recently been published on rootkit.com regarding a vulnerability in KAV 7.0. Unfortunately, the authors of this material chose not to adhere to industry standard practice, and contact the vendor prior to disclosing vulnerability details. Although the authors claim that all attempts to inform Kaspersky Lab about this vulnerability were ignored, this is not the case: if we had been informed, this issue would have been addressed long ago.

The following products are vulnerable:

Kaspersky Internet Security 6.0/7.0
Kaspersky Anti-Virus 6.0/7.0
Kaspersky Anti-Virus for Windows Workstations 6.0
Kaspersky Anti-Virus 6.0 for Windows Servers

These products are vulnerable only when run on the following OSs:

Windows NT
Windows 2000
Windows 2003 x86
Windows XP x86
Products running on other Microsoft OS are not affected by this issue.

This vulnerability is classified as low risk because of its local nature: the user has to manually launch the exploit on his computer. Exploiting the vulnerability results in a critical system error (BSOD) but does not escalate privileges or provide a remote user with control over the computer.

A patch will be issued for this vulnerability in the very near future. The patch will install itself automatically. Additional information will be provided about patch release.

大意就是说：最近在rootkit.com上刊登了一篇文章指出了KAV 7的一个漏洞，不过卡巴斯基觉得，rootkit.com应该在第一时间与卡巴斯基实验室联系，而不是只在自己的网站上公布这个消息。‘但是在此前提出漏洞的作者声称已经多次向卡巴斯基反映过这个问题，都被卡巴斯基给忽视了’，卡巴斯基认为这不是事实，如果他们被通知了，那一定会立刻把这个问题提上议事日程。

以下版本的卡巴斯基产品有这个漏洞:

Kaspersky Internet Security 6.0/7.0
Kaspersky Anti-Virus 6.0/7.0
Kaspersky Anti-Virus for Windows Workstations 6.0
Kaspersky Anti-Virus 6.0 for Windows Servers

这些卡巴斯基的产品运行在以下这些操作系统会有漏洞:

Windows NT
Windows 2000
Windows 2003 x86
Windows XP x86