Kaspersky AntiVirus Window Caption GUI Bypass Vulnerability
From: Tony Montana (c4p0nehush.com)
Date: Thu Sep 30 2004 - 11:10:08 CDT
I have discovered that the GUI part of KAV v5.0x (kav.exe) has a vulnerability that would allow any user to completely BYPASS the "password protection" in order to change settings or completely disable/exit KAV. There are dozens of shareware/freeware applications available on the internet that a user with malicious intentions could use to leverage this new vulnerability in KAV. The main 2 that I've tested so far are "Enabler" and "Ramcleaner" by securitysoftware.cc and cyberlat.com respectively.
Method Using RAMcleaner: Password protect the KAV interface. Open RAM Cleaner and click "task-cleaner", then select the KAV.exe process with the thread-caption "Kaspersky Anti-Virus Personal" and SIMPLY click "Activate Program". The password dialog will be COMPLETELY bypassed and ALL settings will be freely available for alteration INCLUDING changing the password, or subsequently using a generic password recovery utility to view the password in cleartext.
It has been nearly 2 1/2 weeks since I have sent multiple reports on this exploit to Kaspersky Labs and almost 2 months since I have discovered and verified it. I have received no response whatsoever, not even to tell me "your information has been noted". Perhaps the ability to fully disable your AV security measures by any old user that walks off the street into your place of business isn't considered a critical-enough exploit to warrant a reply.