Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Security)  >   Kaspersky Anti-Virus Vendors:   Kaspersky Lab
Kaspersky Anti-Virus URL Parsing Error Lets Remote Users Deny Service
SecurityTracker Alert ID:  1022754
SecurityTracker URL:
CVE Reference:   CVE-2009-2966   (Links to External Site)
Updated:  Aug 27 2009
Original Entry Date:  Aug 20 2009
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 2010
Description:   A vulnerability was reported in Kaspersky Anti-Virus. A remote user can cause denial of service conditions.

A remote user can create a specially crafted URL that, when processed by the target user's 'avp.exe' process, will cause the process to consume excessive CPU resources.

A demonstration exploit URL is provided:

http://[target]/.................[ .xY where 1024<Y]

The vulnerability can also be exploited via HTML-based e-mail.

Maksymilian Arciemowicz of reported this vulnerability.

Impact:   A remote user can cause excessive CPU consumption on the target system.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Resource error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  [Full-disclosure] Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service

Hash: SHA1
[ Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service ]

Author: Maksymilian Arciemowicz
- - Dis.: 10.07.2009
- - Pub.: 19.08.2009

Risk: Medium

Affected Software (tested):
- - Kaspersky Internet Security 2010 (a) EN
- - Kaspersky Anti-Virus 2010 DE

Original URL:

- --- 0.Description ---
Kaspersky Lab is a computer security company, co-founded by Natalia
Kasperskaya and Eugene Kaspersky in 1997, offering anti-virus,
anti-spyware, anti-spam, and anti-intrusion products. Kaspersky Lab is a
privately held company headquartered in Moscow, Russia with regional
offices in Germany, France, the Netherlands, the UK, Poland, Romania,
Sweden, Japan, China, Korea and the USA.

- --- 1. Kaspersky AV/IS 2010 avp.exe Denial of Service ---
The main problem exists in parsing url addresses. If we give a lot of
dots, kaspersky avp.exe proccess, will get 100% of CPU and will block
trafic via browsers.    
Relativistic time to return to normal behavior is very long. In
practice, when we give a large number of dots, kaspesky will not return
to normal behavior.

This example will denial access to the browser and other kaspersky
operations[ .xY where 1024<Y]

It can be exploited remotely by html code. (like: send email)

<img src="[ more dots ]">

The user who executed the code above, will be deprived of the
possibility of browsing and successive reset the kaspersky.

Tested on:
- - Kaspersky Internet Security 2010 (a) (EN) + Windows Vista
Enterprise (EN)
- - Kaspersky Anti-Virus 2010 (DE) + Windows XP Home Edition (DE)

0day (18.08.2009) exploit you can find:

This script, will generate <img> tags with different url lenght to block
kaspersky services.

However we can exploit this issue via html email. The method of attack
is simple. The victim need only refer to a faulty address.

- --- 2. Greets ---
sp3x Infospec Chujwamwdupe p_e_a pi3

- --- 3. Contact ---
Author: [ Maksymilian Arciemowicz ]
Email: cxib {a.t] securityreason [d0t} com

- --
Best Regards,
- ------------------------
pub   1024D/A6986BD6 2008-08-22
uid                  Maksymilian Arciemowicz (cxib)
sub   4096g/0889FA9A 2008-08-22

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC