Subscribe
Add to Technorati Favourites
Add to del.icio.us

Vulnerability-Lab Team discovered a Memory & Pointer Corruption Vulnerability on Kaspersky Internet Security 2011/2012 & Kaspersky Anti-Virus 2011/2012. A Memory Corruption vulnerability is detected on Kaspersky Internet Security 2011/2012 & Kaspersky Anti-Virus 2011/2012.
 

The vulnerability is caused by an invalid pointer corruption when processing a corrupt .cfg file through the kaspersky exception filters,which could be exploited by attackers to crash he complete software process.
The bug is located over the basegui.ppl & basegui.dll when processing a .cfg file import.
Affected Version(s):
  • Kaspersky Anti-Virus 2012 & Kaspersky Internet Security 2012
    • KIS 2012 v12.0.0.374
    • KAV 2012 v12.x
  • Kaspersky Anti-Virus 2011 & Kaspersky Internet Security 2011
    • KIS 2011 v11.0.0.232 (a.b)
    • KAV 11.0.0.400
    • KIS 2011 v12.0.0.374
  • Kaspersky Anti-Virus 2010 & Kaspersky Internet Security 2010
The kaspersky .cfg file import exception-handling filters wrong or manipulated file imports like one this first test … (wrong-way.png). The PoC is not affected by the import exception-handling & get through without any problems. A invalid pointer write & read allows an local attacker to crash the software via memory corruption. The technic & software to detect the bug in the binary is private tool.