Kaspersky Memory/CPU Usage Leak by design

Risk: Medium
Local: No
Remote: Yes

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

Hi,

I've recently discovered a design problem in Kaspersky AV Scanner. Originally seen on FileScanner for Unix 5.0.5, the problematic files are also screwing up the latest 5.5.3 version. As I didn't find an official way to deploy this at Kaspersky, I hope someone from them will read this and contact me to get a POC. Therefore not all details will be shown here to avoid massive attacks.

The file(s) are 1.6M in size and don't contain suspicious content. Calling 3 kavscanner instances already renders a P4 2.4GHz machine with 512MB RAM useless after a few seconds. A POC flash capture is located at http://www.jackal-net.at/KasperskyLeakPOC.swf

Did anyone else encounter a similar problem? ClamAV works fine on the same files.

Kind regards,
Michael Lang

Copyright 2019, cxsecurity.com

