In association with heise online

20 October 2006, 15:03

System rights through vulnerability in Kaspersky's antivirus solution

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

iDefense has reported on a hole in drivers from Kaspersky's antivirus solution. It could be used by a registered, non-privileged user to elevate access rights. The cause of the problem is the KLIN.SYS and KLICK.SYS drivers, which do not inspect the provided addresses when functions are called for I/O control. According to iDefense, attackers could manipulate those addresses, write their own code segments into memory and launch them with system rights. iDefense recently also discovered an almost identical hole in IOCTL in products from Symantec.

The flaw affects driver version, as contained in Kaspersky Labs Anti-Virus Version Kaspersky removed the flaw in driver version starting on 12 October; it can be downloaded using the update service.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit