Kaspersky Antivirus ThinApp Parser Stack Buffer Overflow

2015-09-22 23:05:37

Source: https://code.google.com/p/google-security-research/issues/detail?id=518

A remotely exploitable stack buffer overflow in ThinApp container parsing. Kaspersky Antivirus (I've tested version 15 and 16) and other products using the Kaspersky Engine (such as ZoneAlarm) are affected.

Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/38287.zip

Fixes

No fixes

In order to submit a new fix you need to be registered.