Vulnerability-Lab discovered a Memory Corruption vulnerability in Kaspersky internet security 2011/2012,Kaspersky Anti-Virus 2011/2012.
The vulnerability is caused by an invalid pointer corruption when processing a corrupt .cfg file through the kaspersky exception filters,
which could be exploited by attackers to crash he complete software process.
The bug is located over the basegui.ppl & basegui.dll when processing a .cfg file import.
The kaspersky .cfg file import exception-handling filters wrong or manipulated file imports like one this first test ..
The PoC is not affected by the import exception-handling & get through without any problems. A invalid pointer write & read allows
an local attacker to crash the software via memory corruption. The technic & software to detect the bug in the binary is prv8.
An local attacker do not need to know any passwords to load a .cfg (Configuration) file.
Affected Version(s):
Kaspersky Anti-Virus 2012 & Kaspersky Internet Security 2012KIS 2012 v12.0.0.374
KAV 2012 v12.x
Kaspersky Anti-Virus 2011 & Kaspersky Internet Security 2011
KIS 2011 v11.0.0.232 (a.b)
KAV 11.0.0.400
KIS 2011 v12.0.0.374
Kaspersky Anti-Virus 2010 & Kaspersky Internet Security 2010
