Kingsoft Internet Security 9 - Denial of Service

EDB-ID:

10343

CVE:



Platform:

Windows

Published:

2009-11-05

#####################################################################################

Application: Kingsoft Internet Security 9

Platforms: Windows Vista SP2 
Windows XP SP3

Exploitation: Denial of Services	

Discover Date: 2009-11-05

Author: Francis Provencher (Protek Research Lab's) 

BLog: httP://Protekresearch.blogspot.com	


#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) The Code 


#####################################################################################

=================
1) Introduction
=================

Kingsoft Internet Security 09 wins another VB100 award for December 2008. Once again KIS9 passes the barrage of tests of virus attacks, hacker attempts and 

malware/spyware threats to emerge victorious in this months round of testing by the VB100 labs.

Download Kingsoft Internet Security 9 FREE for 180 days.

KIS9 is Kingsoft Research’s most advanced antivirus and security software specifically designed for always on Internet connectivity with a whole host of 

network tools allowing first time users to network profiling professionals the ability to control and analyze network traffic and applications more closely 

than ever before.
How does it work?
KIS9 Firewall creates a "program access locking control" to profile which of your programs and services can send and receive information to the Internet.

Multi layer firewall, provides not only control of your programs accesses via the Internet but also monitors lower level traffic and communications between 

applications such as email and web. Kingsoft Internet Security 9 constantly monitors network and file activity to ensure your PC remains safe to VB100 

standards.

Kingsoft Internet Security 9's Trusted Authentication Server contains an ever increasing library of information for over 10 million computer files providing 

real-time safety checking on the files being currently used on your PC and is growing hourly to incorporate information other active protection network users 

have previously accessed. It is small in size and will not slow your PC down nor require you to have a comprehensive knowledge of the large array of viruses, 

Trojans and spyware you encounter whilst using your PC day to day

(http://www.kingsoftresearch.com/KingsoftInternetSecurity09.aspx)

#####################################################################################

====================
2) Report Timeline
====================

2009-11-09 Vendor Contacted
2009-11-10 Vendor Response
2009-11-10 Vendor request a PoC
2009-11-11 Vendor confirm the vulnerability 
2009-12-07 Public release of this advisories	

#####################################################################################

======================
3) Technical details 
======================

Windows XP SP3
Windows Vista SP2

Kingsoft Internet Security 9 Plus
Program Version 2009.09.29.11

Kingsoft Antivirus fail to handled correctly some crafted archives.

The first bug is triggered by a specialy crafted ARJ File that load the CPU to 100%.

The second bug is triggered by a specialy crafted CAB file that crash the application.

Some malicious user can use is to create a DoS condition on a server or workstation. 



#####################################################################################

=============
4) The Code
=============

The PoC Files can be download here.

Hang CPU
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/10343-1.arj (PRL_CPU_Hang.arj)

Crash Application
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/10343-2.cab (PRL_Crash.cab)


#####################################################################################
(PRL-2009-18)