
CVSS: 2.1 | EPSS: 0% | CPEs: 2 | EXPL: 1

Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks. NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1. NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that "it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms."

• http://osvdb.org/37990
  http://secunia.com/advisories/26887
  http://www.kaspersky.com/technews?id=203038706
  http://www.rootkit.com/newsread.php?newsid=778
  http://www.vupen.com/english/advisories/2007/3259
• CWE-20: Improper Input Validation

CVSS: 4.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

Kaspersky Internet Security 7.0.0.125 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to (1) cause a denial of service (crash) and possibly gain privileges via the NtCreateSection kernel SSDT hook or (2) cause a denial of service (avp.exe service outage) via the NtLoadDriver kernel SSDT hook. NOTE: this issue may partially overlap CVE-2006-3074.

• http://securityreason.com/securityalert/3161
  http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php
  http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php
  http://www.securityfocus.com/archive/1/479830/100/0/threaded
• CWE-20: Improper Input Validation
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets incorrect permissions for application files in certain upgrade scenarios, which might allow local users to gain privileges.

• http://osvdb.org/37216
  http://secunia.com/advisories/26312
  http://www.kaspersky.com/technews?id=203038705
  http://www.securityfocus.com/bid/25189
  https://exchange.xforce.ibmcloud.com/vulnerabilities/35782

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

Unspecified vulnerability in Kaspersky Anti-Virus for Check Point FireWall-1 before Critical Fix 1 (5.5.161.0) might allow attackers to cause a denial of service (kernel hang) via unspecified vectors. NOTE: it is not clear whether there is an attacker role.

• http://osvdb.org/36127
  http://secunia.com/advisories/26064
  http://support.kaspersky.com/checkpoint?qid=208279464
  http://www.securityfocus.com/bid/24932
  http://www.vupen.com/english/advisories/2007/2561
  https://exchange.xforce.ibmcloud.com/vulnerabilities/35454

CVSS: 7.5 | EPSS: 3% | CPEs: 1 | EXPL: 0

Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories.

• http://osvdb.org/37217
  http://secunia.com/advisories/25857
  http://www.kaspersky.com/technews?id=203038700
  http://www.securityfocus.com/bid/24692
  http://www.securitytracker.com/id?1018324
  http://www.vupen.com/english/advisories/2007/2382
  https://exchange.xforce.ibmcloud.com/vulnerabilities/35130