SECURITYVULNS:DOC:22353
Aug 20, 2009

Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service

vulners.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[ Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service ]

Author: Maksymilian Arciemowicz
http://SecurityReason.com
Date:

    • Dis.: 10.07.2009
    • Pub.: 19.08.2009

Risk: Medium

Affected Software (tested):

    • Kaspersky Internet Security 2010 9.0.0.459 (a) EN
    • Kaspersky Anti-Virus 2010 9.0.0.463 DE

Original URL:
http://securityreason.com/achievement_securityalert/66

--- 0. Description ---
Kaspersky Lab is a computer security company, co-founded by Natalia
Kasperskaya and Eugene Kaspersky in 1997, offering anti-virus,
anti-spyware, anti-spam, and anti-intrusion products. Kaspersky Lab is a
privately held company headquartered in Moscow, Russia with regional
offices in Germany, France, the Netherlands, the UK, Poland, Romania,
Sweden, Japan, China, Korea and the USA.

--- 1. Kaspersky AV/IS 2010 avp.exe Denial of Service ---
The problem lies in the parsing of URL addresses. If a URL contains a
large number of dots, the Kaspersky avp.exe process consumes 100% of the
CPU and blocks browser traffic.
The time needed to return to normal behavior is very long. In practice,
with a large number of dots, Kaspersky does not return to normal
behavior.

This example will deny access to the browser and to other Kaspersky
operations:

http://lu.cxib.net/…[ .xY where 1024<Y]

It can be exploited remotely through HTML code (for example, sent by email):

<img src="http://lu.cxib.net/…[ more dots ]">

A user who loads the code above will lose the ability to browse and
will subsequently have to reset Kaspersky.

Tested on:

    • Kaspersky Internet Security 2010 9.0.0.459 (a) (EN) + Windows Vista
      Enterprise (EN)
    • Kaspersky Anti-Virus 2010 9.0.0.463 (DE) + Windows XP Home Edition (DE)

The 0day (18.08.2009) exploit can be found at:

http://securityreason.com/downloads/kaspersky.2010.dos.html

This script generates <img> tags with URLs of different lengths to block
Kaspersky services.

This issue can also be exploited via HTML email. The method of attack
is simple: the victim need only refer to a faulty address.


Best Regards,


pub 1024D/A6986BD6 2008-08-22
uid Maksymilian Arciemowicz (cxib)
<[email protected]>
sub 4096g/0889FA9A 2008-08-22

http://securityreason.com
http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAkqLQqIACgkQpiCeOKaYa9aLxgCgy3FzzR5xPzU6QgoK1VpHpjur
paQAn3ku0sU5AzHjzjo3N0qq+Kywu7i1
=rQAP
-----END PGP SIGNATURE-----
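
A filter for the HTML delivery path described in the advisory, as an added example that is not part of the original advisory or of any Kaspersky or SecurityReason code: it scans a message body for URL-bearing attributes whose value contains a run of dots above a limit. The 1024 default follows the advisory's "1024<Y"; the attribute set, the function names and the example.invalid sample are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Attributes that make a client fetch or follow a URL (assumed set, not exhaustive).
URL_ATTRS = {"src", "href", "background", "action", "poster"}
# The advisory gives the trigger as more than 1024 dots; tune lower if desired.
DOT_RUN_LIMIT = 1024
_DOT_RUN = re.compile(r"\.+")


def longest_dot_run(url):
    """Return the length of the longest run of consecutive dots in url."""
    return max((len(m.group()) for m in _DOT_RUN.finditer(url)), default=0)


class DotRunScanner(HTMLParser):
    """Collect (tag, attr, run_length, url_prefix) for URLs over the limit."""

    def __init__(self, limit=DOT_RUN_LIMIT):
        super().__init__(convert_charrefs=True)
        self.limit = limit
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                run = longest_dot_run(value)
                if run > self.limit:
                    # Keep only a short prefix so log entries stay readable.
                    self.findings.append((tag, name, run, value[:40]))


def scan_html(html, limit=DOT_RUN_LIMIT):
    """Parse html and return the findings for URLs exceeding limit."""
    scanner = DotRunScanner(limit)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample message body; example.invalid is a placeholder host.
SAMPLE = (
    '<p>See <a href="http://example.invalid/a.b.c/index.html">here</a></p>'
    '<img src="http://example.invalid/' + "." * 1500 + '">'
)

if __name__ == "__main__":
    for tag, attr, run, prefix in scan_html(SAMPLE):
        print(f"flag <{tag} {attr}>: {run} consecutive dots, starts {prefix!r}")
```

A mail gateway or proxy can run this check on HTML bodies before they reach a client protected by the affected versions and strip or quarantine flagged elements.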