Low-risk vulnerability in kl1.sys driver is closed

Kaspersky Lab announces that it has patched a low-risk vulnerability in the kl1.sys driver that was found by iDefence.

The kl1.sys driver failed to properly perform a buffer size check. Malicious code executed locally could exploit a stack-based buffer overflow to execute arbitrary malicious code in the kernel.

This vulnerability affected the following Kaspersky Lab products for Windows:

  • Kaspersky Anti-Virus 6.0 and 7.0
  • Kaspersky Internet Security 6.0 and 7.0
  • Kaspersky Anti-Virus 6.0 for Windows Workstations

Early notification by iDefence enabled Kaspersky Lab to correct the kl1.sys driver code and patch the vulnerability.

The relevant patch is available to all users of vulnerable products via the built-in automatic updating module.

For more information, please visit the iDefence website: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=704.

  06.03.2008