Vulnerabilities > CVE-2007-1880 - Local Heap Overflow vulnerability in Kaspersky Internet Security Suite Klif.SYS Driver
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned "data size argument," which results in a heap overflow. The vendor has addressed this vulnerability within Maintenance Pack 2. More information is available from the following link: http://www.kaspersky.com/technews?id=203038693
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Nessus
| NASL family | Windows |
| NASL id | KASPERSKY_AV6_MULT_VULNS.NASL |
| description | The version of the Kaspersky antivirus product installed on the remote host may be affected by buffer overflow, privilege escalation, and information disclosure vulnerabilities, depending on the actual product installed. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 25021 |
| published | 2007-04-10 |
| reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/25021 |
| title | Kaspersky Anti-Virus < 6.0.2.614 Multiple Vulnerabilities |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=505
- http://secunia.com/advisories/24778
- http://www.kaspersky.com/technews?id=203038693
- http://www.kaspersky.com/technews?id=203038694
- http://www.osvdb.org/33851
- http://www.securityfocus.com/bid/23326
- http://www.securitytracker.com/id?1017872
- http://www.securitytracker.com/id?1017873
- http://www.vupen.com/english/advisories/2007/1268
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33460