Vulnerability Development mailing list archives

Kaspersky AntiVirus Window Caption GUI Bypass Vulnerability


From: Tony Montana <c4p0ne () hush com>
Date: 30 Sep 2004 16:10:08 -0000



I have discovered that the GUI part of KAV v5.0x (kav.exe) has a vulnerability that would allow any user to completely 
BYPASS the "password protection" in order to change settings or completely disable/exit KAV. There are dozens of 
shareware/freeware applications available on the internet that a user with malicious intentions could use to leverage 
this new vulnerability in KAV. The main 2 that I've tested so far are "Enabler" and "Ramcleaner" by securitysoftware.cc 
and cyberlat.com respectively.

Method Using RAMcleaner: Password protect the KAV interface. Open RAM Cleaner and click "task-cleaner", then select the 
KAV.exe process with the thread-caption "Kaspersky Anti-Virus Personal" and SIMPLY click "Activate Program". The 
password dialog will be COMPLETELY bypassed and ALL settings will be freely available for alteration INCLUDING changing 
the password, or subsequently using a generic password recovery utility to view the password in cleartext.

It has been nearly 2 1/2 weeks since I have sent multiple reports on this exploit to Kaspersky Labs and almost 2 months 
since I have discovered and verified it. I have received no response whatsoever, not even to tell me "your information 
has been noted". Perhaps the ability to fully disable your AV security measures by any old user that walks off the 
street into your place of business isn't considered a critical-enough exploit to warrant a reply.

-c4p0ne
