Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Published: 2007-04-06
Updated: 2017-07-29
Summary
Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned "data size argument," which results in a heap overflow. The vendor has addressed this vulnerability within Maintenance Pack 2. More information is available from the following link: http://www.kaspersky.com/technews?id=203038693
Vulnerable Configurations
Nessus
NASL family | Windows |
NASL id | KASPERSKY_AV6_MULT_VULNS.NASL |
description | The version of the Kaspersky antivirus product installed on the remote host may be affected by buffer overflow, privilege escalation, and information disclosure vulnerabilities, depending on the actual product installed. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25021 |
published | 2007-04-10 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25021 |
title | Kaspersky Anti-Virus < 6.0.2.614 Multiple Vulnerabilities |