CVE-2009-4114

Kaspersky Anti-Virus <9.0.0.736 - DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4114. PoCs published by Heurs.

AI-analyzed exploit summary This exploit demonstrates a local denial-of-service (DoS) vulnerability in Kaspersky Anti-Virus 2010 9.0.0.463 by sending malformed IOCTL requests to the kl1.sys driver, causing a BSOD. The code opens a handle to the driver and sends a crafted input buffer to trigger the vulnerability.

Description

kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does not properly validate input to IOCTL 0x0022c008, which allows local users to cause a denial of service (system crash) via IOCTL requests using crafted kernel addresses that trigger memory corruption, possibly related to klavemu.kdl.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Heurs · cdoswindows

https://www.exploit-db.com/exploits/10164

View Code ZIP pw:eip

This exploit demonstrates a local denial-of-service (DoS) vulnerability in Kaspersky Anti-Virus 2010 9.0.0.463 by sending malformed IOCTL requests to the kl1.sys driver, causing a BSOD. The code opens a handle to the driver and sends a crafted input buffer to trigger the vulnerability.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Kaspersky Anti-Virus 2010 9.0.0.463

No auth needed

Prerequisites: Local access to the system · Kaspersky Anti-Virus 2010 9.0.0.463 installed

MITRE ATT&CK