Kaspersky Internet Security prremote.dll Use-After-Free Remote Code Execution Vulnerability

2014-05-02T00:00:00
ID ZDI-14-122
Type zdi
Reporter ZombiE
Modified 2014-11-09T00:00:00

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaspersky Internet Security. User interaction is required to exploit this vulnerability in that the target must open a malicious file.

The specific flaw exists within the built-in RPC server implemented in prremote.dll. This RPC server listens over the 'PRRemote:' RPC endpoint. Through the RPC server an attacker can insert a specially crafted call_table_ref in order to gain code execution. An attacker can execute arbitrary code under the context of SYSTEM or the user of the process.