Kaspersky Internet Security/Anti-Virus '.cfg' File Memory Corruption Vulnerability

Bugtraq ID:	51161
Class:	Unknown
CVE:
Remote:	No
Local:	Yes
Published:	Dec 21 2011 12:00AM
Updated:	Dec 21 2011 12:00AM
Credit:	Vulnerability Research Laboratory - Benjamin K.M.
Vulnerable:	Kaspersky Internet Security 2012 Kaspersky Internet Security 2011 Kaspersky Internet Security 2010 Kaspersky Anti-Virus 2012 Kaspersky Anti-Virus 2011 Kaspersky Anti-Virus 2010 Kaspersky Anti-Virus 0
Not Vulnerable:

Kaspersky Internet Security/Anti-Virus '.cfg' File Memory Corruption Vulnerability

Kaspersky Internet Security and Anti-Virus are prone to a local memory-corruption vulnerability.

A local attacker can exploit this issue to cause the affected application to crash, denying service to legitimate users. Due to the nature of this issue, arbitrary code execution may be possible; this has not been confirmed.

Kaspersky Internet Security/Anti-Virus '.cfg' File Memory Corruption Vulnerability

The following exploit code is available:

• /data/vulnerabilities/exploits/51161.txt

Kaspersky Internet Security/Anti-Virus '.cfg' File Memory Corruption Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Kaspersky Internet Security/Anti-Virus '.cfg' File Memory Corruption Vulnerability

References:

• Kaspersky Home Page (Kaspersky)