Details : SecurityReason Advisory
Topic : Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service
SecurityAlert : 66
CVE : CVE-2009-2966
SecurityRisk : Medium
Remote Exploit : Yes
Local Exploit : Yes
Exploit Given : Yes
Credit : Maksymilian Arciemowicz
Date : 19.08.2009
Affected Software :
Kaspersky Internet Security 2010 9.0.0.459 (a) EN
Kaspersky Anti-Virus 2010 9.0.0.463 DE
Advisory Text :

Kaspersky Lab fixes vulnerability in the company’s antivirus products

Kaspersky Lab, a leading developer of secure content management systems,
has closed a vulnerability that arose when parsing specially formed URL
addresses. Information about the vulnerability, which results in a system
hang, was published on http://securityreason.com on 19 August.

The DoS (Denial of Service) vulnerability reported by an independent
analyst was caused by a faulty signature. Kaspersky Internet Security 2010
and Kaspersky Anti-Virus 2010 were affected by the problem. When parsing
URL addresses formed in a certain way, including URLs in email messages,
CPU usage could reach 100% and block all web traffic.

There have been no reported instances of system failure caused by this
signature since it was included in antivirus databases. Had this
vulnerability been exploited by cybercriminals, nothing more serious than
the computer hang would have happened.

The faulty signature was modified in the next database update on the same
day, which means the vulnerability has been completely removed. The company
is constantly perfecting its procedures for product testing and releasing
updates in order to prevent such errors from occurring in future.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[ Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service ]
Author: Maksymilian Arciemowicz
http://SecurityReason.com
Date:
- - Dis.: 10.07.2009
- - Pub.: 19.08.2009
Risk: Medium
Affected Software (tested):
- - Kaspersky Internet Security 2010 9.0.0.459 (a) EN
- - Kaspersky Anti-Virus 2010 9.0.0.463 DE
Original URL:
http://securityreason.com/achievement_securityalert/66
- --- 0.Description ---
Kaspersky Lab is a computer security company, co-founded by Natalia
Kasperskaya and Eugene Kaspersky in 1997, offering anti-virus,
anti-spyware, anti-spam, and anti-intrusion products. Kaspersky Lab is a
privately held company headquartered in Moscow, Russia with regional
offices in Germany, France, the Netherlands, the UK, Poland, Romania,
Sweden, Japan, China, Korea and the USA.
- --- 1. Kaspersky AV/IS 2010 avp.exe Denial of Service ---
The main problem lies in the parsing of URL addresses. If a URL contains a
large number of dots, the Kaspersky avp.exe process uses 100% of the CPU
and blocks browser traffic.
The time needed to return to normal behavior is very long. In practice,
when a large number of dots is given, Kaspersky does not return to normal
behavior.
This example will deny access to the browser and to other Kaspersky
operations:
http://lu.cxib.net/.................[ .xY where 1024<Y]
It can be exploited remotely through HTML code (for example, by sending an
email):
<img src="http://lu.cxib.net/..........................[ more dots ]">
A user who executes the code above will be unable to browse and will
subsequently have to reset Kaspersky.
Tested on:
- - Kaspersky Internet Security 2010 9.0.0.459 (a) (EN) + Windows Vista
Enterprise (EN)
- - Kaspersky Anti-Virus 2010 9.0.0.463 (DE) + Windows XP Home Edition
(DE)
The 0day (18.08.2009) exploit can be found at:
http://securityreason.com/downloads/kaspersky.2010.dos.html
This script generates <img> tags with different URL lengths to block
Kaspersky services.
This issue can also be exploited via HTML email. The method of attack is
simple: the victim only needs to refer to a faulty address.
- --- 2. Greets ---
sp3x Infospec Chujwamwdupe p_e_a pi3
- --- 3. Contact ---
Author: SecurityReason.com [ Maksymilian Arciemowicz ]
Email: cxib {a.t] securityreason [d0t} com
GPG: http://securityreason.com/key/Arciemowicz.Maksymilian.gpg
http://securityreason.com/
http://securityreason.pl/
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAkqKxicACgkQpiCeOKaYa9aZ1QCcDNMKAgC28dZQUe8WM61z4Yyx
T0sAoNUqi8WF4EtlGjbo0MAOK5FNMY7N
=09nf
-----END PGP SIGNATURE-----
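
A defensive check for the pattern described in section 1, as an added example that is not part of the original advisory: it scans HTML (for instance a mail body) for URL attributes whose path holds more than 1024 consecutive dots, the count the advisory reports. The function names, the attribute list and the sample inputs are assumptions made for illustration.

```python
# Added example (not from the advisory): flag HTML URL attributes whose
# path contains a long run of consecutive dots.
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

DOT_RUN_LIMIT = 1024  # the advisory reports the hang for dot counts Y > 1024
URL_ATTRS = {"src", "href", "background", "poster", "action"}  # assumed list
DOT_RUN = re.compile(r"\.+")


def longest_dot_run(url: str) -> int:
    """Longest run of consecutive dots in the part of the URL after the host."""
    try:
        parts = urlsplit(url)
        tail = "\n".join((parts.path, parts.query, parts.fragment))
    except ValueError:  # malformed authority: fall back to the raw string
        tail = url
    return max((len(m.group()) for m in DOT_RUN.finditer(tail)), default=0)


class DotRunScanner(HTMLParser):
    """Records (tag, attribute, run_length) for each URL attribute over the limit."""

    def __init__(self, limit: int = DOT_RUN_LIMIT):
        super().__init__(convert_charrefs=True)
        self.limit = limit
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                run = longest_dot_run(value.strip())
                if run > self.limit:
                    self.findings.append((tag, name, run))


def scan_html(body: str, limit: int = DOT_RUN_LIMIT):
    """Return the findings for one HTML document or mail body."""
    scanner = DotRunScanner(limit)
    scanner.feed(body)
    scanner.close()
    return scanner.findings


# Constructed sample bodies; the hosts are reserved example names.
BENIGN = '<a href="http://mail.example.com/a/../b/file.v1.2.tar.gz">x</a>'
SUSPECT = '<p>hi</p><img src="http://host.example/' + "." * 1500 + '">'

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, scan_html(body))
```

Dots in the host name are ignored on purpose, since the advisory places the dot run after the host.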