In association with heise online

24 August 2009, 16:40

DoS vulnerability in Kaspersky products

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

According to an advisory from Maksymilian Arciemowicz, a security specialist at SecurityReason, Kaspersky Internet Security 2010 and Anti-Virus 2010 can be compromised via specially crafted URLs. The products use a filter proxy they insert between the local browser and the network to parse the URLs requested in the browser. If a URL contains more than 1024 consecutive periods (ASCII dec 46), a programming flaw causes a drastic increase in the CPU load of the avp.exe component. As a result, the browser is no longer able to access any web pages.

The flaw can be triggered via links in web pages and in HTML emails. The bug has been verified in Kaspersky Internet Security 2010 under Windows Vista Enterprise and in Kaspersky Anti-Virus 2010 under Windows XP Home Edition. An update to fix the problem has yet to be released.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit