Denial of Service in Kaspersky Internet Security and Anti-Virus
CVE-2009-2966

Currently unrated

Key Information:

Vendor: Kaspersky
Status: Kaspersky Anti-virus; Kaspersky Internet Security
Vendor: CVE Published:; 25 August 2009

Summary

The avp.exe component of Kaspersky Internet Security and Anti-Virus versions 9.0.0.459 and 9.0.0.463 contains a vulnerability that allows remote attackers to exploit a crafted HTTP request. This request, when containing an excessive number of dot '.' characters, can lead to significant CPU resource consumption and loss of network connectivity. As a result, users may experience service interruptions, making the system less responsive or temporarily inoperative.

References

http://secunia.com/advisories/36405

third-party-advisoryx_refsource_SECUNIA

http://www.osvdb.org/57173

vdb-entryx_refsource_OSVDB

http://securityreason.com/achievement_securityalert/66

third-party-advisoryx_refsource_SREASONRES

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 25, 2009
Vulnerability Reserved
Aug 25, 2009