Kaspersky Antivirus Crash Vulnerabledos Exploit Found In Kaspersky Internet Security 2010 And Kaspersky Antivirus 2010


Recommended Posts

Kaspersky Antivirus Crash VulnerableDOS exploit found in Kaspersky Internet Security 2010 and Kaspersky AntiVirus 2010

A recent security report from Maksymilian Arciemowicz presented on the SecurityReason website details how remote users could crash PCs running Kaspersky-owned products. Pointing the antivirus to parse a URL, the users' CPU can be tricked to consume excessive resources and eventually crash.

The vulnerability affects Kaspersky Internet Security 2010 9.0.0.459 antivirus and its brother, the Kaspersky Antivirus 2010 9.0.0.463 version. The exploit was discovered on August 18th 2009, Kaspersky not being able to release a security update patch to this problem at the time when this article was written (check for updates at the bottom of the page).

The problem with these two antivirus versions appears when parsing a URL address. Using a lot of consecutive dots inside the address,

CODE

http://softpedia.com/...................................[some dots or other variables]

, the Kaspersky native avp.exe process will soar CPU usage up to 100%. At first, traffic via the browser will get blocked, and eventually, if enough consecutive dots have been passed inside the URL address, the computer will crash.

This exploit can be used inside HTML files, as normal href values or as img image sources. It will also work inside HTML email bodies. The code can be used remotely, and will lead to a denial-of-service that could alter computer hardware or software.

According to Maksymilian Arciemowicz, “The main problem exists in parsing url addresses […] Relativistic time to return to normal behavior is very long. In practice, when we give a large number of dots, kaspesky will not return to normal behavior.” He also added that, “This example will denial access to the browser and other kaspersky operations […] The user who executed the code above, will be deprived of the possibility of browsing and successive reset the Kaspersky.”

SecurityReason has classified this DOS attack vulnerability as a medium threat to PC users. Details and code exploit examples can be found at this link.

softpedia - http://news.softpedia.com/news/Kaspersky-A...le-119818.shtml

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...