Vulnerabilities > Kaspersky LAB

DATE CVE VULNERABILITY TITLE RISK
2007-04-06 CVE-2007-1881 Local Security vulnerability in Kaspersky Internet Security
Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors.
local
low complexity
kaspersky-lab
6.8
2007-04-06 CVE-2007-1880 Local Heap Overflow vulnerability in Kaspersky Internet Security Suite Klif.SYS Driver
Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned "data size argument," which results in a heap overflow.
6.6
2007-04-06 CVE-2007-1879 Unspecified vulnerability in Kaspersky LAB Kaspersky Anti-Virus and Kaspersky Internet Security
The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command.
network
kaspersky-lab
critical
9.3
2007-04-06 CVE-2007-1112 Unspecified vulnerability in Kaspersky LAB Kaspersky Anti-Virus and Kaspersky Internet Security
Kaspersky Anti-Virus 6.0 and Internet Security 6.0 expose unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.
network
low complexity
kaspersky-lab
critical
10.0
2007-04-06 CVE-2007-0445 Remote Heap Overflow vulnerability in Kaspersky Antivirus Engine ARJ Archive
Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives.
network
low complexity
kaspersky-lab
critical
10.0
2007-03-06 CVE-2007-1281 Remote Denial of Service vulnerability in Kaspersky LAB Kaspersky Antivirus Engine 5.5.10/6.0.1.411
Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression.
network
low complexity
microsoft kaspersky-lab linux
7.8
2007-01-09 CVE-2007-0125 Denial Of Service vulnerability in Kaspersky LAB Kaspersky Antivirus Engine 5.5.10/6.0
Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file.
network
low complexity
kaspersky-lab
5.0
2006-12-10 CVE-2006-6408 Unspecified vulnerability in Kaspersky LAB Kaspersky Anti-Virus 5.5.10
Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
network
low complexity
kaspersky-lab
5.0
2006-10-20 CVE-2006-4926 Local Privilege Escalation vulnerability in Kaspersky Labs Anti-Virus NDIS-TDI Hooking Engine
The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via a crafted Irp structure with invalid addresses in the 0x80052110 IOCTL.
local
low complexity
kaspersky-lab
7.2
2006-08-21 CVE-2006-4265 Remote Security vulnerability in Kaspersky LAB Kaspersky Anti-Hacker 1.8.180
Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows remote attackers to obtain responses to ICMP (1) timestamp and (2) netmask requests, which is inconsistent with the documented behavior of Stealth Mode.
network
low complexity
kaspersky-lab
5.0