iDefense Security Advisory 06.04.08 - Local exploitation of a stack-based buffer overflow in Kaspersky Lab's Internet Security could allow an attacker to execute arbitrary code in the context of the kernel. The kl1.sys kernel driver distributed with Internet Security contains a stack-based buffer overflow in the handling of IOCTL 0x800520e8. The issue is caused by a failure to properly bounds-check user-supplied data that is passed to the swprintf function as a source buffer. The destination buffer in this case is a 2,000-element wide-character array. If the source buffer exceeds 2,000 characters, a buffer overflow will occur, leading to the execution of arbitrary code. Kaspersky Lab's Internet Security version 7.0.1.325 is confirmed to be vulnerable to this issue. Previous versions are also suspected to be vulnerable.
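The missing check described above, sketched as an added user-mode C example; it is not code from kl1.sys or from the advisory. The `%ls` format string, the function names and the status codes are assumptions, and standard C's size-taking `swprintf` stands in for a bounded kernel routine such as `RtlStringCchPrintfW`.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

#define DEST_CCH 2000  /* destination size stated in the advisory */

enum fmt_status { FMT_OK = 0, FMT_BAD_LENGTH, FMT_NOT_TERMINATED, FMT_TOO_LONG };

/* in / in_bytes model the caller-controlled IOCTL input buffer and its length
 * (hypothetical handler helper). Nothing is written unless every check passes. */
enum fmt_status format_request(const wchar_t *in, size_t in_bytes,
                               wchar_t *out, size_t out_cch)
{
    if (in == NULL || out == NULL || out_cch == 0) return FMT_BAD_LENGTH;
    if (in_bytes == 0 || in_bytes % sizeof(wchar_t) != 0) return FMT_BAD_LENGTH;

    /* The terminator must lie inside the supplied length, not somewhere past it. */
    size_t in_cch = in_bytes / sizeof(wchar_t);
    const wchar_t *nul = wmemchr(in, L'\0', in_cch);
    if (nul == NULL) return FMT_NOT_TERMINATED;

    size_t len = (size_t)(nul - in);
    if (len >= out_cch) return FMT_TOO_LONG;  /* need room for the terminator */

    /* Bounded formatting: the destination size is passed as a second defence. */
    int n = swprintf(out, out_cch, L"%ls", in);
    if (n < 0 || (size_t)n != len) { out[0] = L'\0'; return FMT_TOO_LONG; }
    return FMT_OK;
}

/* Constructed sample input: `chars` copies of L'A', optionally NUL-terminated. */
enum fmt_status try_input(size_t chars, int terminated)
{
    static wchar_t in[4096];
    wchar_t dest[DEST_CCH];
    if (chars + 1 > 4096) return FMT_BAD_LENGTH;
    wmemset(in, L'A', chars);
    if (terminated) in[chars] = L'\0';
    size_t cch = chars + (terminated ? 1 : 0);
    return format_request(in, cch * sizeof(wchar_t), dest, DEST_CCH);
}

int main(void)
{
    printf("1999 chars: %d\n", try_input(1999, 1));
    printf("2000 chars: %d\n", try_input(2000, 1));
    printf("unterminated: %d\n", try_input(100, 0));
    return 0;
}
```

Rejecting oversized input before formatting, rather than silently truncating it, gives the handler a distinct failure status to return and log.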