Researcher Discovers Memory Corruption Vulnerability in Kaspersky 2011/2012 Products
The vulnerability researcher Benjamin Kunz Mejri discovered a new zero-day memory corruption vulnerability in "Kaspersky Anti-Virus 2011/2012 & Internet Security 2011/2012".
The security vulnerability is locally exploKtable while loading a manipulated .CFG (Configuration/Setting) File. The vulnerability is caused by an invalid pointer corruption through the Kaspersky exception/protection filters, which could be exploited by attackers to crash the software process on all instances (Browser+Addon, Sidebar & Software). Benjamin K.M. used a new concept to identify the memory corruption issue and has bypassed the protection filter exception (import) of the software.
Kaspersky Anti-Virus 2012 & Kaspersky Internet Security 2012
- KIS 2012 v126.96.36.1994
- KAV 2012 v12.x
Kaspersky Anti-Virus 2011 & Kaspersky Internet Security 2011
- KIS 2011 v188.8.131.52 (a.b)
- KAV 184.108.40.2060
- KIS 2011 v220.127.116.114
Kaspersky Anti-Virus 2010 & Kaspersky Internet Security 2010
- Mon, 2013-05-13 01:31
- Wed, 2013-03-13 08:21
- Thu, 2013-02-21 06:06