xti9er / google-security-research

Automatically exported from code.google.com/p/google-security-research
0 stars 0 forks source link

Kaspersky Antivirus ThinApp parser stack buffer overflow #518

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
The attached report and exploit were mailed to vulnerability@kaspersky.com on 
4th September 2015. Currently triaging about 230 more unique crashes.

A remotely exploitable stack buffer overflow in ThinApp container parsing. 
Kaspersky Antivirus (I've tested version 15 and 16) and other products using 
the Kaspersky Engine (such as ZoneAlarm) are affected.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

Exploit password: infected

Original issue reported on code.google.com by tav...@google.com on 5 Sep 2015 at 5:15

Attachments:

GoogleCodeExporter commented 8 years ago
Kaspersky confirmed the vulnerability on Sep 5, and informed me a fix is being 
rolled out globally on the 7th.

I'm currently discussing publication, and hoping we can negotiate for 
deployment of /GS.

Original comment by tav...@google.com on 8 Sep 2015 at 11:24

GoogleCodeExporter commented 8 years ago

Original comment by scvi...@google.com on 10 Sep 2015 at 1:48

GoogleCodeExporter commented 8 years ago

Original comment by tav...@google.com on 22 Sep 2015 at 5:23

GoogleCodeExporter commented 8 years ago

Original comment by mjurc...@google.com on 24 Sep 2015 at 11:37

GoogleCodeExporter commented 8 years ago
thanksyou so much 
http://richcare.blogspot.co.id/2015/09/obat-herbal-asam-urat-alami-generik-resep
dokter-dan-kolesterol.html

Original comment by prabukra...@gmail.com on 1 Oct 2015 at 4:54

GoogleCodeExporter commented 8 years ago

Original comment by haw...@google.com on 12 Oct 2015 at 6:11