CVE-2009-2966

Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 - Denial of Service via HTTP URL with Excessive Dots

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2966. PoCs published by Prakhar Prasad.

AI-analyzed exploit summary This exploit targets a vulnerability in Kaspersky Internet Security 2010 and Kaspersky Anti-Virus 2010, causing a denial-of-service (DoS) by triggering excessive CPU usage and memory corruption through a maliciously crafted URL with consecutive dots. The PoC is delivered via an HTML file, which can be embedded in web pages or emails.

Description

avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Prakhar Prasad · htmldoswindows

https://www.exploit-db.com/exploits/9537

View Code ZIP pw:eip

This exploit targets a vulnerability in Kaspersky Internet Security 2010 and Kaspersky Anti-Virus 2010, causing a denial-of-service (DoS) by triggering excessive CPU usage and memory corruption through a maliciously crafted URL with consecutive dots. The PoC is delivered via an HTML file, which can be embedded in web pages or emails.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Kaspersky Internet Security 2010 9.0.0.459, Kaspersky Anti-Virus 2010 9.0.0.463

No auth needed

Prerequisites: Victim must visit a malicious webpage or open a malicious HTML email

MITRE ATT&CK