Four critical vulnerabilities has been reported in Kaspersky Internet Security Version 16.0.0 (and probably in other Kaspersky products). Kaspersky has fixed this vulnerabilities with an update.
Advertising
Security researchers from Talos (Cisco) has published last Friday this blog post. Kaspersky Internet Security Suite version 16.0.0 contains Multiple DOS Issues and also a Kernel Information Leak.
Kaspersky Security Suite hooks into the Windows API via a driver named KLIF. This driver contains in version 10.0.0.1532 one kernel memory leak. A malicious program can send crafted IOCTL calls to be used, to leak kernel memory content to the user space. Three other vulnerabilities are useable to manipulate inaccessible memory content and causes a system crash.
Talos has reported all vulnerabilities to Kaspersky, and the antivirus vender has shipped an update to fix this security flaws in Kaspersky Security Suite version 16.0.0 – but note, that other – unnamed – products may also be affected. (via)
