Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).
Kaspersky Anti-Virus products
Exploit
CVE-2022-27534
NVD
Refer to CVE-2022-27534 NVD advisory