The Vulnerability-Lab Team discovered a memory and pointer corruption vulnerability in Kaspersky Internet Security 2011/2012 and Kaspersky Anti-Virus 2011/2012.
The vulnerability is caused by an invalid pointer corruption when processing a corrupt .cfg file through the Kaspersky exception filters, which could be exploited by attackers to crash the complete software process.
The bug is located in basegui.ppl and basegui.dll and occurs when processing a .cfg file import.
- Kaspersky Anti-Virus 2012 & Kaspersky Internet Security 2012
  - KIS 2012 v220.127.116.114
  - KAV 2012 v12.x
- Kaspersky Anti-Virus 2011 & Kaspersky Internet Security 2011
  - KIS 2011 v18.104.22.168 (a.b)
  - KAV 22.214.171.1240
  - KIS 2011 v126.96.36.1994
- Kaspersky Anti-Virus 2010 & Kaspersky Internet Security 2010
The Kaspersky .cfg file import exception handling filters out wrong or manipulated file imports like this first test ... (wrong-way.png). The PoC is not affected by the import exception handling and gets through without any problems. An invalid pointer write and read allows a local attacker to crash the software via memory corruption. The technique and software used to detect the bug in the binary is a private tool.
Well, nice, nice, no doubt about it. :)