CVE-2015-8579 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2015-8579

CWE

https://cwe.mitre.org/data/definitions/264.html

Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Total_security_2015	Kaspersky	15.0.2.361 (including)	15.0.2.361 (including)

References

http://blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations
http://breakingmalware.com/vulnerabilities/sedating-watchdog-abusing-security-products-bypass-mitigations/
http://www.securityfocus.com/bid/78815
http://blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations
http://breakingmalware.com/vulnerabilities/sedating-watchdog-abusing-security-products-bypass-mitigations/
http://www.securityfocus.com/bid/78815