Kaspersky Memory/CPU Usage Leak by design

2006.03.05

Credit: Michael Lang jackal-net at

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-1091

CWE: N/A

CVSS Base Score: 7.8/10

Impact Subscore: 6.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Complete

Hi,
i've recently discovered a design problem in Kaspersky AV Scanner. Original seen on FileScanner for Unix 5.0.5 the Problematic files are also screewing up the latest 5.5.3 Version.
AS i didnt find an offical way to deploy this at Kaspersky i hope someone from them will read this
and contact me to get a POC.
Therefore not all details will be shown here to avoid massive attacks.
The file(s) are 1.6M of size and dont contain suspicous content.
calling 3 kavscanner instances already renders a P4 2.4Ghz Machine with 512Mb Ram useless after a few seconds.
A POC flashcapture is located at http://www.jackal-net.at/KasperskyLeakPOC.swf
did anyone else encountered a similar problem ?
ClamAV works fine on the same Files.
Kind Regards
Michael Lang

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Kaspersky Memory/CPU Usage Leak by design

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.