0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Kingsoft Internet Security 9 Denial of Services
=============================================== Kingsoft Internet Security 9 Denial of Services =============================================== # Title: Kingsoft Internet Security 9 Denial of Services # CVE-ID: () # OSVDB-ID: () # Author: Francis Provencher # Published: 2009-11-05 # Verified: yes view source print? ##################################################################################### Application: Kingsoft Internet Security 9 Platforms: Windows Vista SP2 Windows XP SP3 Exploitation: Denial of Services Discover Date: 2009-11-05 Author: Francis Provencher (Protek Research Lab's) BLog: httP://Protekresearch.blogspot.com ##################################################################################### 1) Introduction 2) Report Timeline 3) Technical details 4) The Code ##################################################################################### ================= 1) Introduction ================= Kingsoft Internet Security 09 wins another VB100 award for December 2008. Once again KIS9 passes the barrage of tests of virus attacks, hacker attempts and malware/spyware threats to emerge victorious in this months round of testing by the VB100 labs. Download Kingsoft Internet Security 9 FREE for 180 days. KIS9 is Kingsoft Research’s most advanced antivirus and security software specifically designed for always on Internet connectivity with a whole host of network tools allowing first time users to network profiling professionals the ability to control and analyze network traffic and applications more closely than ever before. How does it work? KIS9 Firewall creates a "program access locking control" to profile which of your programs and services can send and receive information to the Internet. Multi layer firewall, provides not only control of your programs accesses via the Internet but also monitors lower level traffic and communications between applications such as email and web. Kingsoft Internet Security 9 constantly monitors network and file activity to ensure your PC remains safe to VB100 standards. Kingsoft Internet Security 9's Trusted Authentication Server contains an ever increasing library of information for over 10 million computer files providing real-time safety checking on the files being currently used on your PC and is growing hourly to incorporate information other active protection network users have previously accessed. It is small in size and will not slow your PC down nor require you to have a comprehensive knowledge of the large array of viruses, Trojans and spyware you encounter whilst using your PC day to day (http://www.kingsoftresearch.com/KingsoftInternetSecurity09.aspx) ##################################################################################### ==================== 2) Report Timeline ==================== 2009-11-09 Vendor Contacted 2009-11-10 Vendor Response 2009-11-10 Vendor request a PoC 2009-11-11 Vendor confirm the vulnerability 2009-12-07 Public release of this advisories ##################################################################################### ====================== 3) Technical details ====================== Windows XP SP3 Windows Vista SP2 Kingsoft Internet Security 9 Plus Program Version 2009.09.29.11 Kingsoft Antivirus fail to handled correctly some crafted archives. The first bug is triggered by a specialy crafted ARJ File that load the CPU to 100%. The second bug is triggered by a specialy crafted CAB file that crash the application. Some malicious user can use is to create a DoS condition on a server or workstation. ##################################################################################### ============= 4) The Code ============= The PoC Files can be download here. Hang CPU PRL_CPU_Hang.arj Crash Application PRL_Crash.cab poc: http://inj3ct0r.com/sploits/9762.rar # 0day.today [2024-12-24] #