Starred by 2 users
Status: Fixed
Closed: Oct 2015
Kaspersky Antivirus ThinApp parser stack buffer overflow
Project Member Reported by taviso@google.com, Sep 5 2015
The attached report and exploit were mailed to vulnerability@kaspersky.com on 4th September 2015. Currently triaging about 230 more unique crashes.

A remotely exploitable stack buffer overflow in ThinApp container parsing. Kaspersky Antivirus (I've tested version 15 and 16) and other products using the Kaspersky Engine (such as ZoneAlarm) are affected.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

Exploit password: infected

Attachments:
KasperskyVulnerabilityReport.pdf (996 KB)
thinstall.tar.gz (38.2 KB)
Windows 7-2015-09-04-19-35-34.png (361 KB)
sample-exploit.zip (36.6 KB)
Project Member Comment 1 by taviso@google.com, Sep 8 2015
Kaspersky confirmed the vulnerability on Sep 5, and informed me a fix is being rolled out globally on the 7th.

I'm currently discussing publication, and hoping we can negotiate for deployment of /GS.
Project Member Comment 2 by scvitti@google.com, Sep 10 2015
Labels: Reported-2015-Sep-4
Project Member Comment 3 by taviso@google.com, Sep 22 2015
Labels: -Restrict-View-Commit
Project Member Comment 4 by mjurczyk@google.com, Sep 24 2015
Labels: -Product-KasperskyAntivirus Product-Kaspersky
Comment 5 Deleted
Project Member Comment 6 by hawkes@google.com, Oct 12 2015
Status: Fixed
Comment 7 Deleted