Kaspersky Internet Security Memory Corruption Vulnerability
Vulnerability-Lab Team discovered a Memory & Pointer Corruption Vulnerability on Kaspersky Internet Security 2011/2012 & Kaspersky Anti-Virus 2011/2012. A Memory Corruption vulnerability is detected on Kaspersky Internet Security 2011/2012 & Kaspersky Anti-Virus 2011/2012.
The vulnerability is caused by an invalid pointer corruption when processing a corrupt .cfg file through the kaspersky exception filters,which could be exploited by attackers to crash he complete software process.
The vulnerability is caused by an invalid pointer corruption when processing a corrupt .cfg file through the kaspersky exception filters,which could be exploited by attackers to crash he complete software process.
The bug is located over the basegui.ppl & basegui.dll when processing a .cfg file import.
Affected Version(s):
- Kaspersky Anti-Virus 2012 & Kaspersky Internet Security 2012
- KIS 2012 v12.0.0.374
- KAV 2012 v12.x
- Kaspersky Anti-Virus 2011 & Kaspersky Internet Security 2011
- KIS 2011 v11.0.0.232 (a.b)
- KAV 11.0.0.400
- KIS 2011 v12.0.0.374
- Kaspersky Anti-Virus 2010 & Kaspersky Internet Security 2010
The kaspersky .cfg file import exception-handling filters wrong or manipulated file imports like one this first test ... (wrong-way.png). The PoC is not affected by the import exception-handling & get through without any problems. A invalid pointer write & read allows an local attacker to crash the software via memory corruption. The technic & software to detect the bug in the binary is private tool.
