By sending malicious parameters to NtOpenProcess, it is possible to crash Kaspersky Antivirus, when it uses klif.sys to access the process. Ironically klif.sys is designed to prevent malicious software from arbitrarily closing or otherwise controlling Kaspersky Antivirus.

Description:

All current versions of Kaspersky Antivirus (including the upcoming 7.0) are vulnerable to an attack that will crash the software at any account level, preventing its use by authorised users. This may leave systems unprotected from further malware / virus infection attempts and result in a completely compromised system.

Mitigation:

Consider the use of alternate antivirus solutions in a defence-in-depth approach to system and data security.

Updates:

Not Yet Available

Source:

http://www.rootkit.com/newsread_print.php?newsid=726

Exploits:

http://www.rootkit.com/newsread_print.php?newsid=726

Not Yet Identified