Vulnerability Development mailing list archives
Re: Kaspersky AntiVirus Window Caption GUI Bypass Vulnerability
From: miguel.dilaj () pharma novartis com
Date: Tue, 5 Oct 2004 09:22:03 +0200
Hi Tony, I used a similar trick in the past to deactivate McAffee 4.x (needed to use some xploits like Debploit and runasx in WinNT4, at that time the only protection was the antivirus, now we migrated to XP). The configuration GUI was password protected, and even when the passwords were show as asterisks tools to reveal passwords hidden by asterisks only show a dummy string ('12345678'). But tools to activate greyed controls worked like a charm, so in fact it was possible to activate them and change the settings, deactivate the AV, etc. The tool I used for the trick was VeoVeo, a Spanish tool available at www.hackindex.org (that has functionalities to reveal passwords hidden by asterisks, activate greyed controls, activate greyed menu items, and a simple keylogger that doesn't need administrative privileges to be installed/used). The point for me is that, even when NAI commit a mistake by providing the configuration GUI to be available for control activation, the real problem is Windows (IMHO) that allows that, not the antivirus itself. With the same kind of "tricks" you can go activating controls all along your Windoze applications, with more than unpredictable results ;-) Just my $0.02... Cheers, Miguel aka Nekromancer Tony Montana wrote:
I have discovered that the GUI part of KAV v5.0x (kav.exe) has a
vulnerability that would allow any user to completely BYPASS the "password
protection" in order to change settings or completely disable/exit KAV.
There are dosens of shareware/freeware applications available on the
internet that a user with malicious intentions could use to leverage this
new vulnerability in KAV. The main 2 that I've tested so far are
"Enabler" and "Ramcleaner" by securitysoftware.cc and cyberlat.com
respectively.
{snip}
-c4p0ne
Current thread:
- Re: Kaspersky AntiVirus Window Caption GUI Bypass Vulnerability Tony Montana (Oct 01)
- <Possible follow-ups>
- Re: Kaspersky AntiVirus Window Caption GUI Bypass Vulnerability miguel . dilaj (Oct 05)