A memory corruption issue may cause the application to crash

Dec 22, 2011 14:41 GMT  ·  By

Medium-severity vulnerabilities have been found in Kaspersky Anti-Virus and Kaspersky Internet Security 2011/2012 which can allow an attacker to crash the entire software process.

Researchers from Vulnerability Laboratory found a flaw caused by an invalid pointer corruption when a corrupt .cfg file is processed through the Kaspersky exception filters. The bug appears to be located in basegui.ppl and basegui.dll and is triggered when a .cfg file import is processed.

A proof-of-concept video was also published along with the disclosure.

“The PoC is not affected by the import exception-handling & gets through without any problems. An invalid pointer write & read allows a local attacker to crash the software via memory corruption. The technique & software to detect the bug in the binary is prv8,” Benjamin Kunz Mejri, Vulnerability Laboratory founder, wrote.

It also seems that a local attacker doesn’t need to know any passwords in order to load the malicious configuration file.

According to the timeline provided by Vulnerability Laboratory, Kaspersky was notified of the issue in December 2010 and responded a month later. The information on the vulnerabilities was not disclosed until a few days ago, and there is no mention of the bug having been fixed.

A while back, I had the opportunity to have a chat with Benjamin Kunz Mejri on the security issues they discovered and, at the time, he admitted that not everyone appreciates what they’re doing.

“There are 2 options for the product vendor ... he hates us because he cannot see his own flaws/mistakes/fails ... or he loves us because he can now see his flaws/mistakes/fails. Nothing in between. Most vendors reply very friendly & ask us for a disclosure partnership (cooperation) for future bug publications,” he said.

I have contacted Kaspersky to see what they have to say on the matter, so stay tuned for an update.