Kaspersky Anti-Virus 5.x
Kaspersky Anti-Virus 6.x
Kaspersky Internet Security 6.x
Critical: Not critical
Skywing has discovered a vulnerability in Kaspersky Anti-Virus, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused due to missing validation of pointers supplied by user-space programs before they are used by custom system services installed by "klif.sys" to access memory. This can be exploited to cause the system to reboot due to invalid memory access.
The vulnerability has been confirmed in Kaspersky Anti-Virus 188.8.131.520, Kaspersky Internet Security 184.108.40.2060, and also reported in Kaspersky Internet Security Suite 5.0. Other versions may also be affected.
Solution: Restrict system access to trusted users only.