5 results (0.016 seconds)

CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 1

Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors. Vulnerabilidad no especificada en KLIF (klif.sys) de Kaspersky Anti-Virus, Anti-Virus para estaciones de trabajo, y Anti-Virus para Servidores de archivos 6.0, e Internet Security 6.0 versiones anteriores a Maintenance Pack 2 build 6.0.2.614 permite a usuarios locales obtener privilegios Ring-0 mediante vectores no especificados. • https://www.exploit-db.com/exploits/3131 http://secunia.com/advisories/24778 http://www.kaspersky.com/technews?id=203038693 http://www.kaspersky.com/technews?id=203038694 http://www.osvdb.org/33852 http://www.vupen.com/english/advisories/2007/1268 •

CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0

Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned "data size argument," which results in a heap overflow. Desbordamiento de búfer de entero en la función _NtSetValueKey en klif.sys en Kaspersky Anti-Virus, Anti-Virus para estaciones de trabajo, Anti-Virus para File Server 6.0, e Internet Security 6.0 anterior a Maintenance Pack 2 construcción 6.0.2.614 permite a atacantes dependientes del contexto ejecutar código de su elección a través de un argumento de tamaño de datos no asignado, el cual resulta en un desbordamiento de pila. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=505 http://secunia.com/advisories/24778 http://www.kaspersky.com/technews?id=203038693 http://www.kaspersky.com/technews?id=203038694 http://www.osvdb.org/33851 http://www.securityfocus.com/bid/23326 http://www.securitytracker.com/id?1017872 http://www.securitytracker.com/id? •

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 4

The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp structure with invalid addresses in the 0x80052110 IOCTL. El NDIS-TDI Hooking Engine, según lo utilizado en (1) KLICK (KLICK.SYS) y (2) KLIN (KLIN.SYS) en los controladores de dispositivos 2.0.0.281 en Kaspersky Labs Anti-Virus 6.0.0.303 y otros antivirus o productos de seguridad de Internet, permite a un usuario local ejecutar código de su elección a través de un estructura Irp artesanal con una dirección inválida en 0x80052110 IOCTL. • https://www.exploit-db.com/exploits/2676 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=425 http://secunia.com/advisories/22478 http://securitytracker.com/id?1017093 http://www.kaspersky.com/technews?id=203038678 http://www.osvdb.org/29891 http://www.securityfocus.com/archive/1/449289/100/0/threaded http://www.securityfocus.com/archive/1/449301/100/0/threaded http://www.securityfocus.com/bid/20635 http://www.vupen.com/english/advisories/2006/4117 https&# •

CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0

Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via unknown attack vectors. • http://securityreason.com/securityalert/535 http://www.securityfocus.com/archive/1/426699 http://www.securityfocus.com/bid/16942 https://exchange.xforce.ibmcloud.com/vulnerabilities/25221 •

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0

Multiple interpretation error in Kaspersky 5.0.372 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." • http://marc.info/?l=bugtraq&m=113026417802703&w=2 http://www.securityelf.org/magicbyte.html http://www.securityelf.org/magicbyteadv.html http://www.securityelf.org/updmagic.html http://www.securityfocus.com/bid/15189 •