
Thursday, 22 December 2011

Kaspersky IS&AV 2011/12 - Memory Corruption Vulnerability


The Vulnerability-Lab Team discovered a memory and pointer corruption vulnerability in Kaspersky Internet Security 2011/2012 and Kaspersky Anti-Virus 2011/2012.

The vulnerability is caused by an invalid pointer corruption when processing a corrupt .cfg file through the Kaspersky exception filters, which could be exploited by attackers to crash the complete software process.


The bug is located in basegui.ppl and basegui.dll, in the code that processes a .cfg file import.

Affected Version(s):
  • Kaspersky Anti-Virus 2012 & Kaspersky Internet Security 2012
  • KIS 2012 v12.0.0.374
  • KAV 2012 v12.x
  • Kaspersky Anti-Virus 2011 & Kaspersky Internet Security 2011
  • KIS 2011 v11.0.0.232 (a.b)
  • KAV 11.0.0.400
  • KIS 2011 v12.0.0.374
  • Kaspersky Anti-Virus 2010 & Kaspersky Internet Security 2010

The Kaspersky .cfg file import exception handling filters out wrong or manipulated file imports, like this one from the first test ... (wrong-way.png). The PoC is not affected by the import exception handling and gets through without any problems. An invalid pointer write and read allows a local attacker to crash the software via memory corruption. The technique and software used to detect the bug in the binary is a private tool.



Well, nice, nice, I must say. :)
