Monday, September 24, 2007 8:32 AM
cmosby
Kaspersky AntiVirus klif.sys Hooked Functions Denial of Service - Advisories - Secunia
Kaspersky AntiVirus klif.sys Hooked Functions Denial of Service
Secunia Advisory:
SA26887
Release Date:
2007-09-24
Critical:
Not critical
Impact:
DoS
Where:
Local system
Solution Status:
Unpatched
Software:
Kaspersky Anti-Virus 6.x
Kaspersky Anti-Virus 7.x
Kaspersky Internet Security 6.x
Kaspersky Internet Security 7.x
Description:
EP_X0FF has reported some vulnerabilities in Kasperky AntiVirus, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerabilities are caused due to errors within klif.sys when handling the parameters of certain hooked functions. These can be exploited to cause a DoS by e.g. calling "NtCreateSection()", "NtUserSendInput()", "LoadLibraryA()", or other unknown SSDT entries with specially crafted parameters.
The vulnerabilities are reported in version 7.0 build 125. Other versions may also be affected.
Solution:
The vendor is reportedly working on an update to be released November 2007.
Provided and/or discovered by:
EP_X0FF
Original Advisory:
Kaspersky:
http://www.kaspersky.com/technews?id=203038706
rootkit.com:
http://www.rootkit.com/newsread.php?newsid=778
Source: Kaspersky AntiVirus klif.sys Hooked Functions Denial of Service - Advisories - Secunia
Filed under: Security and Anti-Virus, Patch Management