Flaw in Kaspersky Internet Security 2013 Allows Remote System Freeze

The issue has been uncovered by security expert Marc Heuse

Published on March 7th, 2013, 12:05 GMT

In a post published on Full Disclosure, security expert Marc Heuse has revealed the existence of a vulnerability in Kaspersky Internet Security 2013 that could be exploited to remotely freeze a computer.

“If IPv6 connectivity to a victim is possible (which is always the case on local networks), a fragmented packet with multiple but one large extension header leads to a complete freeze of the operating system. No log message or warning window is generated, nor is the system able to perform any task,” Heuse wrote.

The expert claims he has alerted Kaspersky to the bug on two occasions, but he hasn’t received any response. As a result, he has published a proof-of-concept for the attack.

Kaspersky representatives confirm the existence of an issue in one of their system drivers. They’ve told ZDNet that a private patch is available on demand and an autopatch will be released soon.

“Although Kaspersky Lab acknowledges the issue, it would like to stress that there was no threat of malicious activity affecting the PCs of any users who may have experienced this rare problem,” Kaspersky said in a statement.
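The packet shape Heuse describes (a fragment carrying several IPv6 extension headers, one of them large) is something a network sensor can check for by walking the header chain. The sketch below is an added example, not code from Heuse's proof-of-concept or from Kaspersky; the thresholds, function names and sample packets are assumptions constructed for illustration.

```python
import struct

# IPv6 extension headers walked here (RFC 8200); all but Fragment use (Hdr Ext Len + 1) * 8.
HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60
GENERIC_EXT = {HOP_BY_HOP, ROUTING, DEST_OPTS}
# Assumed, illustrative thresholds; the advisory gives no numbers.
MIN_EXT_HEADERS, LARGE_EXT_BYTES = 2, 1024

def walk_ext_headers(packet: bytes):
    """Return (is_fragment, [(header_type, claimed_length), ...]) for a raw IPv6 packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr, offset, is_fragment, chain = packet[6], 40, False, []
    while next_hdr in GENERIC_EXT or next_hdr == FRAGMENT:
        if offset + 8 > len(packet):
            break  # truncated header: stop instead of reading past the buffer
        if next_hdr == FRAGMENT:
            is_fragment, length = True, 8
            if struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
                chain.append((FRAGMENT, 8))
                break  # non-first fragment: what follows is payload, not headers
        else:
            length = (packet[offset + 1] + 1) * 8
        chain.append((next_hdr, length))
        next_hdr, offset = packet[offset], offset + length
    return is_fragment, chain

def is_suspicious(packet: bytes) -> bool:
    """Flag a fragment whose chain has several extension headers, one of them large."""
    is_fragment, chain = walk_ext_headers(packet)
    sizes = [length for htype, length in chain if htype != FRAGMENT]
    return is_fragment and len(sizes) >= MIN_EXT_HEADERS and max(sizes) >= LARGE_EXT_BYTES

# --- Constructed sample packets (zeroed addresses, zero padding), never sent anywhere ---
def _ipv6(next_hdr: int, payload: bytes) -> bytes:
    return struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 64) + bytes(32) + payload

def _ext(next_hdr: int, total_len: int) -> bytes:
    return bytes([next_hdr, total_len // 8 - 1]) + bytes(total_len - 2)

def _frag(next_hdr: int, frag_offset: int = 0) -> bytes:
    return struct.pack("!BBHI", next_hdr, 0, frag_offset << 3 | 1, 1)

FLAGGED = _ipv6(FRAGMENT, _frag(DEST_OPTS) + _ext(DEST_OPTS, 8) + _ext(17, 2048) + bytes(8))
PLAIN_FRAGMENT = _ipv6(FRAGMENT, _frag(17) + bytes(8))
UNFRAGMENTED = _ipv6(DEST_OPTS, _ext(DEST_OPTS, 8) + _ext(17, 2048) + bytes(8))
LATER_FRAGMENT = _ipv6(FRAGMENT, _frag(DEST_OPTS, 100) + bytes(64))
```

Only the first fragment exposes the extension header chain, so the walker stops at the Fragment header on later fragments rather than misreading payload as headers.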
