Kaspersky Internet Security Memory Corruption Vulnerability

Vulnerability-Lab Team discovered a Memory & Pointer Corruption Vulnerability on Kaspersky Internet Security 2011/2012 & Kaspersky Anti-Virus 2011/2012. A Memory Corruption vulnerability is detected on Kaspersky Internet Security 2011/2012 & Kaspersky Anti-Virus 2011/2012.

The vulnerability is caused by an invalid pointer corruption when processing a corrupt .cfg file through the kaspersky exception filters,which could be exploited by attackers to crash he complete software process.
The bug is located over the basegui.ppl & basegui.dll when processing a .cfg file import.
Affected Version(s):
  • Kaspersky Anti-Virus 2012 & Kaspersky Internet Security 2012
    • KIS 2012 v12.0.0.374
    • KAV 2012 v12.x
  • Kaspersky Anti-Virus 2011 & Kaspersky Internet Security 2011
    • KIS 2011 v11.0.0.232 (a.b)
    • KAV
    • KIS 2011 v12.0.0.374
  • Kaspersky Anti-Virus 2010 & Kaspersky Internet Security 2010
The kaspersky .cfg file import exception-handling filters wrong or manipulated file imports like one this first test ... (wrong-way.png). The PoC is not affected by the import exception-handling & get through without any problems. A invalid pointer write & read allows an local attacker to crash the software via memory corruption. The technic & software to detect the bug in the binary is private tool.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.