Bypassing the proactive protection of Kaspersky Lab products. Video demonstration
Quite a while ago I discovered an opportunity to bypass proactive protection in Kaspersky Lab products. I finally got around to making a demo.
Sequence of steps:
1. Check that there is no driver in the system directory (we try to open it via Notepad).
2. Launch the exploit; a request from Kaspersky about installing the driver appears. Do not press anything (i.e. do not give consent to the installation).
3. Try to open the driver via Notepad again, and voila: the driver is installed!
Known affected versions: Kaspersky Crystal 12.0.1.228, KIS / KAV 2012, KIS / KAV 2011. Perhaps others too.
I am not disclosing any technical details before communicating with representatives of Kaspersky Lab. I will only say that the vulnerability is not related to buffer overflows or other similar types of vulnerabilities, and is of an architectural nature. It reproduces reliably on Windows XP, Vista and 7 (x32 and x64).