Vulnerabilities > Kaspersky LAB > Kaspersky Anti Virus > 6.0

DATE CVE VULNERABILITY TITLE RISK
2009-02-10 CVE-2009-0449 Buffer Errors vulnerability in Kaspersky LAB Kaspersky Anti-Virus 2008/6.0
Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call.
local
low complexity
kaspersky-lab CWE-119
7.2
2008-06-05 CVE-2008-1518 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Kaspersky LAB Kaspersky Anti-Virus and Kaspersky Internet Security
Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call.
local
low complexity
kaspersky-lab CWE-119
7.2
2007-04-06 CVE-2007-1881 Local Security vulnerability in Kaspersky Internet Security
Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors.
local
low complexity
kaspersky-lab
6.8
2007-04-06 CVE-2007-1880 Local Heap Overflow vulnerability in Kaspersky Internet Security Suite Klif.SYS Driver
Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned "data size argument," which results in a heap overflow.
6.6
2007-04-06 CVE-2007-1879 Unspecified vulnerability in Kaspersky LAB Kaspersky Anti-Virus and Kaspersky Internet Security
The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command.
network
kaspersky-lab
critical
9.3
2007-04-06 CVE-2007-1112 Unspecified vulnerability in Kaspersky LAB Kaspersky Anti-Virus and Kaspersky Internet Security
Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.
network
low complexity
kaspersky-lab
critical
10.0
2007-04-06 CVE-2007-0445 Remote Heap Overflow vulnerability in Kaspersky Antivirus Engine ARJ Archive
Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives.
network
low complexity
kaspersky-lab
critical
10.0
2006-10-20 CVE-2006-4926 Local Privilege Escalation vulnerability in Kaspersky Labs Anti-Virus NDIS-TDI Hooking Engine
The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp structure with invalid addresses in the 0x80052110 IOCTL.
local
low complexity
kaspersky-lab
7.2