Saturday, August 22, 2009

Kapersky Antivitus Crash Vulnerable DOS Exploit Found In Kasperskey Antivirus 2010

21st of August 2009, 14:02 GMT

A recent security report from Maksymilian Arciemowicz presented on the SecurityReason website details how remote users could crash PCs running Kaspersky-owned products. Pointing the antivirus to parse a URL, the users' CPU can be tricked to consume excessive resources and eventually crash.The vulnerability affects Kaspersky Internet Security 2010 antivirus and its brother, the Kaspersky Antivirus 2010 version. The exploit was discovered on August 18th 2009, Kaspersky not being able to release a security update patch to this problem at the time when this article was written (check for updates at the bottom of the page).The problem with these two antivirus versions appears when parsing a URL address. Using a lot of consecutive dots inside the address, the Kaspersky native avp.exe process will soar CPU usage up to 100%. At first, traffic via the browser will get blocked, and eventually, if enough consecutive dots have been passed inside the URL address, the computer will crash.This exploit can be used inside HTML files, as normal href values or as img image sources. It will also work inside HTML email bodies. The code can be used remotely, and will lead to a denial-of-service that could alter computer hardware or software.According to Maksymilian Arciemowicz, “The main problem exists in parsing url addresses […] Relativistic time to return to normal behavior is very long. In practice, when we give a large number of dots, kaspesky will not return to normal behavior.” He also added that, “This example will denial access to the browser and other kaspersky operations […] The user who executed the code above, will be deprived of the possibility of browsing and successive reset the Kaspersky.”SecurityReason has classified this DOS attack vulnerability as a medium threat to PC users. Details and code exploit examples can be found at this link.

No comments:

Post a Comment