Vulnerability-Lab Team discovered a Memory & Pointer Corruption Vulnerability on Kaspersky Internet Security 2011/2012 & Kaspersky Anti-Virus 2011/2012.Details:
The vulnerability is caused by an invalid pointer corruption when processing a corrupt .cfg file through the kaspersky exception filters, which could be exploited by attackers to crash the complete software process.
The bug is located over the basegui.ppl & basegui.dll when processing a .cfg file import.
Vulnerable Modules:
[+] CFG IMPORT
Affected Version(s):
– Kaspersky Anti-Virus 2012 & Kaspersky Internet Security 2012
– KIS 2012 v12.0.0.374
– KAV 2012 v12.x
– Kaspersky Anti-Virus 2011 & Kaspersky Internet Security 2011
– KIS 2011 v11.0.0.232 (a.b)
– KAV 11.0.0.400
– KIS 2011 v12.0.0.374
– Kaspersky Anti-Virus 2010 & Kaspersky Internet Security 2010
Severity:
Medium
Credits:
Vulnerability Research Laboratory – Benjamin K.M. (Rem0ve)
No comments:
Post a Comment