
Issue 518


Issue metadata

Status: Fixed
Owner:
Closed: Oct 2015
Cc:




Kaspersky Antivirus ThinApp parser stack buffer overflow

Project Member Reported by taviso@google.com, Sep 5 2015

Issue description

The attached report and exploit were mailed to vulnerability@kaspersky.com on 4th September 2015. Currently triaging about 230 more unique crashes.

A remotely exploitable stack buffer overflow in ThinApp container parsing. Kaspersky Antivirus (I've tested version 15 and 16) and other products using the Kaspersky Engine (such as ZoneAlarm) are affected.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

Exploit password: infected
 
Attachments:
KasperskyVulnerabilityReport.pdf (996 KB)
thinstall.tar.gz (38.2 KB)
Windows 7-2015-09-04-19-35-34.png (361 KB)
sample-exploit.zip (36.6 KB)

Project Member

Comment 1 by taviso@google.com, Sep 8 2015

Kaspersky confirmed the vulnerability on Sep 5, and informed me a fix is being rolled out globally on the 7th.

I'm currently discussing publication, and hoping we can negotiate for deployment of /GS.

Comment 2 by scvitti@google.com, Sep 10 2015

Labels: Reported-2015-Sep-4
Project Member

Comment 3 by taviso@google.com, Sep 22 2015

Labels: -Restrict-View-Commit
Project Member

Comment 4 by mjurczyk@google.com, Sep 24 2015

Labels: -Product-KasperskyAntivirus Product-Kaspersky

Comment 5 Deleted

Project Member

Comment 6 by hawkes@google.com, Oct 12 2015

Status: Fixed

Comment 7 Deleted

Comment 8 Deleted
