Bypass proactive protection of Kaspersky Lab products. Video demonstration

    Quite a long time ago I discovered the ability to bypass proactive defense in Kaspersky Lab products. Finally, got around to make a demo.

    Sequence of actions:

    1. Check that there is no driver in the system directory (try to open it via notepad)
    2. Run the exploit, a request from Kaspersky about installing the driver appears. We do not click anything (that is, we do not give consent to the installation)
    3. Again we turn to the driver via notepad and voila: the driver is installed!

    Recognizable versions: Kaspersky Crystal 12.0.1.228, KIS / KAV 2012, KIS / KAV 2011. Perhaps others too.

    I don’t disclose technical details until I contact Kaspersky Lab representatives. I will only inform you that the vulnerability is not related to buffer overflows and other similar types of vulnerabilities, and is of an architectural nature. Stably reproduced on Win (x32 and x64) XP, Vista, 7.


    Also popular now: