Kaspersky AV/IS 2010 suffers from a denial of service vulnerability in avp.exe.
9d63e4708659427d237e63fca4e3def2b651fefaefc21800b2fd8d9caf8dcb21-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[ Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service ]
Author: Maksymilian Arciemowicz
http://SecurityReason.com
Date:
- - Dis.: 10.07.2009
- - Pub.: 19.08.2009
Risk: Medium
Affected Software (tested):
- - Kaspersky Internet Security 2010 9.0.0.459 (a) EN
- - Kaspersky Anti-Virus 2010 9.0.0.463 DE
Original URL:
http://securityreason.com/achievement_securityalert/66
- --- 0.Description ---
Kaspersky Lab is a computer security company, co-founded by Natalia
Kasperskaya and Eugene Kaspersky in 1997, offering anti-virus,
anti-spyware, anti-spam, and anti-intrusion products. Kaspersky Lab is a
privately held company headquartered in Moscow, Russia with regional
offices in Germany, France, the Netherlands, the UK, Poland, Romania,
Sweden, Japan, China, Korea and the USA.
- --- 1. Kaspersky AV/IS 2010 avp.exe Denial of Service ---
The main problem exists in parsing url addresses. If we give a lot of
dots, kaspersky avp.exe proccess, will get 100% of CPU and will block
trafic via browsers.
Relativistic time to return to normal behavior is very long. In
practice, when we give a large number of dots, kaspesky will not return
to normal behavior.
This example will denial access to the browser and other kaspersky
operations
http://lu.cxib.net/.................[<http://lu.cxib.net/.................%5B>.xY
where 1024<Y]
It can be exploited remotely by html code. (like: send email)
<img src="http://lu.cxib.net/..........................[<http://lu.cxib.net/..........................%5B>more
dots ]">
The user who executed the code above, will be deprived of the
possibility of browsing and successive reset the kaspersky.
Tested on:
- - Kaspersky Internet Security 2010 9.0.0.459 (a) (EN) + Windows Vista
Enterprise (EN)
- - Kaspersky Anti-Virus 2010 9.0.0.463 (DE) + Windows XP Home Edition (DE)
0day (18.08.2009) exploit you can find:
http://securityreason.com/downloads/kaspersky.2010.dos.html
This script, will generate <img> tags with different url lenght to block
kaspersky services.
However we can exploit this issue via html email. The method of attack
is simple. The victim need only refer to a faulty address.
- --- 2. Greets ---
sp3x Infospec Chujwamwdupe p_e_a pi3
- --- 3. Contact ---
Author: SecurityReason.com [ Maksymilian Arciemowicz ]
Email: cxib {a.t] securityreason [d0t} com
GPG: http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
http://securityreason.com/
http://securityreason.pl/
- --
Best Regards,
- ------------------------
pub 1024D/A6986BD6 2008-08-22
uid Maksymilian Arciemowicz (cxib)
<cxib@securityreason.com>
sub 4096g/0889FA9A 2008-08-22
http://securityreason.com
http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAkqLQqIACgkQpiCeOKaYa9aLxgCgy3FzzR5xPzU6QgoK1VpHpjur
paQAn3ku0sU5AzHjzjo3N0qq+Kywu7i1
=rQAP
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed