
Issue metadata

Status: Fixed
Closed: Oct 2015




Issue 518: Kaspersky Antivirus ThinApp parser stack buffer overflow

Reported by taviso@google.com, Sep 5 2015 Project Member

Issue description

The attached report and exploit were mailed to vulnerability@kaspersky.com on 4th September 2015. Currently triaging about 230 more unique crashes.

A remotely exploitable stack buffer overflow in ThinApp container parsing. Kaspersky Antivirus (I've tested version 15 and 16) and other products using the Kaspersky Engine (such as ZoneAlarm) are affected.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

Exploit password: infected
 
KasperskyVulnerabilityReport.pdf (996 KB)
thinstall.tar.gz (38.2 KB)
Windows 7-2015-09-04-19-35-34.png (361 KB)
sample-exploit.zip (36.6 KB)

Comment 1 by taviso@google.com, Sep 8 2015

Project Member
Kaspersky confirmed the vulnerability on Sep 5, and informed me a fix is being rolled out globally on the 7th.

I'm currently discussing publication, and hoping we can negotiate for deployment of /GS.

Comment 2 by scvitti@google.com, Sep 10 2015

Labels: Reported-2015-Sep-4

Comment 3 by taviso@google.com, Sep 22 2015

Project Member
Labels: -Restrict-View-Commit

Comment 4 by mjurczyk@google.com, Sep 24 2015

Project Member
Labels: -Product-KasperskyAntivirus Product-Kaspersky

Comment 5 Deleted

Comment 6 by hawkes@google.com, Oct 12 2015

Project Member
Status: Fixed

Comment 7 Deleted

Comment 8 Deleted
