BeyondTrust


Welcome to the Zeroday Tracker: Your Vulnerability Watchlist


Kaspersky RegExp Remote Denial of Service Vulnerability

Disclosed: March 18, 2014 | Zeroday: 127 days

Vulnerability Description:

Kaspersky Internet Security is vulnerable to a denial of service condition. When a user views a web page that contains a maliciously formed regular expression, Kaspersky Internet Security exhausts its CPU resources. The software then becomes unusable and cannot be shut down or restarted.

Vendors:

Kaspersky

Vulnerable Software/Devices:

Kaspersky Internet Security 14.0.0.4651 and possibly other versions

Vulnerability Severity:

Low

Exploit Availability:

Publicly Available

Exploit Impact:

Denial of Service
Exploitation of this vulnerability will render the service on the affected system unresponsive. This is a permanent denial of service, so the service will be unresponsive until restarted.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 33337 - Kaspersky Internet Security Denial of Service (20140320) (Zero-Day)
  • 33338 - Kaspersky Internet Security Denial of Service (20140320) (Zero-Day) - x64

Mitigation:

No mitigation is available.

Links:

CVE(s):

None