In association with heise online

05 June 2008, 09:54

Kaspersky driver bug allows privilege escalation

A flaw in a kernel driver used by Kaspersky Anti-Virus 6.0 and 7.0, Kaspersky Internet Security 6.0 and 7.0, and Kaspersky Anti-Virus 6.0 for Windows Workstations can be exploited by users with restricted rights to gain admin rights on a system, or by malware to execute with system privileges.

The cause is a buffer overflow in the kl1.sys kernel driver when handling a call to IOCTL 0x800520e8 where the length of a user-supplied parameter exceeds 2,000 characters. According to iDefense, code can then be injected onto the stack and launched with the kernel's rights. Kaspersky has released updates to fix the flaw. Most users will probably already have them installed via the software's automatic update function.
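The bug class described above comes down to a driver trusting a caller-supplied length when copying into a fixed-size stack buffer. The following user-mode sketch is an added illustration, not Kaspersky's code or its fix: the `ioctl_req` structure, the function names, the status values and the 2,000-byte buffer size are assumptions made for the example, and `in_len` stands in for the input length a Windows driver reads from `Parameters.DeviceIoControl.InputBufferLength`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IOCTL_CODE   0x800520e8u /* control code named in the article */
#define NAME_BUF_LEN 2000        /* assumption: size of the fixed stack buffer */

enum { ST_BAD_CODE = -1, ST_BAD_PARAM = -2, ST_TOO_LARGE = -3 };

/* Hypothetical request as seen by a driver; every field is caller-controlled. */
struct ioctl_req {
    uint32_t    code;
    const void *in_buf;
    size_t      in_len;
};

/* Returns the number of bytes accepted, or a negative ST_* status.
 * The unchecked pattern would memcpy(name, in_buf, in_len) with no test. */
long handle_ioctl(const struct ioctl_req *req)
{
    char name[NAME_BUF_LEN];

    if (req == NULL || req->in_buf == NULL || req->in_len == 0)
        return ST_BAD_PARAM;
    if (req->code != IOCTL_CODE)
        return ST_BAD_CODE;
    /* Reject before copying; one byte stays reserved for the terminator. */
    if (req->in_len > sizeof(name) - 1)
        return ST_TOO_LARGE;

    memcpy(name, req->in_buf, req->in_len);
    name[req->in_len] = '\0';
    return (long)strlen(name);
}

/* Constructed input: `len` bytes of 'A' submitted under `code`. */
long submit_constructed(uint32_t code, size_t len)
{
    static char input[4096];
    struct ioctl_req req = { code, input, len };

    if (len > sizeof(input))
        return ST_BAD_PARAM;
    memset(input, 'A', sizeof(input));
    return handle_ioctl(&req);
}
```

The length test runs before any byte is copied, so an oversized request is refused with a status code and the stack frame is never touched.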
