Vigil@nce: Kaspersky AV, IS, denial of service via dots
August 2009 by Vigil@nce
An attacker can create an HTML document containing several dots in
order to generate a denial of service on Kaspersky Anti-Virus and
Internet Security.
Severity: 1/4
Consequences: denial of service of service
Provenance: document
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: unique source (2/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 19/08/2009
IMPACTED PRODUCTS
– Kaspersky Anti-Virus
DESCRIPTION OF THE VULNERABILITY
The Kaspersky Anti-Virus and Internet Security products analyzes
HTML documents browsed by the user.
When a url contains a thousand dots, its analysis generates a very
long loop. The avp.exe process consumes 100% of CPU, and the
victim cannot browse other web sites.
An attacker can thus create an HTML document containing several
dots in order to generate a denial of service on Kaspersky
Anti-Virus and Internet Security.
CHARACTERISTICS
Identifiers: VIGILANCE-VUL-8960
http://vigilance.fr/vulnerability/Kaspersky-AV-IS-denial-of-service-via-dots-8960