Critical vulnerabilities in Kaspersky Internet Security

Four critical vulnerabilities has been reported in Kaspersky Internet Security Version 16.0.0 (and probably in other Kaspersky products). Kaspersky has fixed this vulnerabilities with an update.


Security researchers from Talos (Cisco) has published last Friday this blog post. Kaspersky Internet Security Suite version 16.0.0 contains Multiple DOS Issues and also a Kernel Information Leak.

Kaspersky Security Suite hooks into the Windows API via a driver named KLIF. This driver contains in version one kernel memory leak. A malicious program can send crafted IOCTL calls to be used, to leak kernel memory content to the user space. Three other vulnerabilities are useable to manipulate inaccessible memory content and causes a system crash.

Talos has reported all vulnerabilities to Kaspersky, and the antivirus vender has shipped an update to fix this security flaws in Kaspersky Security Suite version 16.0.0 – but note, that other – unnamed – products may also be affected. (via)

Cookies helps to fund this blog: Cookie settings

This entry was posted in Update, Windows and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *