Advisory Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Kaspersky Internet Security. User interaction is required to exploit this vulnerability in that the target must open a malicious file.

The specific flaw exists within the built-in RPC server implemented in prremote.dll. This RPC server listens over the 'PRRemote:' RPC endpoint. Through the RPC server an attacker can insert a specially crafted `call_table_ref` in order to gain code execution. An attacker can execute arbitrary code under the context of SYSTEM or the user of the process.

• 2013-06-10 - Vulnerability reported to vendor
• 2014-05-02 - Coordinated public release of advisory