Vigil@nce - Kaspersky Anti-Virus, Endpoint Security: two vulnerabilities
December 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
Several vulnerabilities were announced in Kaspersky Anti-Virus and
Endpoint Security.
Impacted products: Kaspersky AV.
Severity: 2/4.
Creation date: 01/10/2015.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Kaspersky Anti-Virus and
Endpoint Security.
An attacker can bypass security features in avp.exe, in order to
escalate his privileges. [severity:2/4; SYSS-2015-001,
SYSS-2015-009]
An attacker can perform an unsalted MD5 brute-force, in order to
obtain administrator’s password. [severity:1/4; SYSS-2015-002,
SYSS-2015-010]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Kaspersky-Anti-Virus-Endpoint-Security-two-vulnerabilities-18015