Memory Allocation Vulnerability in Kaspersky Total Security 2015
CVE-2015-8579

Currently unrated

Key Information:

Vendor: Kaspersky
Status: Total Security 2015
Vendor: CVE Published:; 16 December 2015

Summary

Kaspersky Total Security 2015 version 15.0.2.361 experiences a vulnerability due to the allocation of memory with Read, Write, and Execute (RWX) permissions at predictable memory addresses. This design flaw in the protective measures for user-mode processes allows attackers to circumvent the Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) security mechanisms, creating a potential pathway for exploitation.

References

http://breakingmalware.com/vulnerabilities/sedating-watch...

x_refsource_MISC

http://www.securityfocus.com/bid/78815

vdb-entryx_refsource_BID

http://blog.ensilo.com/the-av-vulnerability-that-bypasses...

x_refsource_MISC

Timeline

Vulnerability published
Dec 16, 2015
Vulnerability Reserved
Dec 16, 2015