CVSS: 6.2EPSS: 97%CPEs: 16EXPL: 0CVE-2012-1425
https://notcve.org/view.php?id=CVE-2012-1425
21 Mar 2012 — The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Prote... • http://osvdb.org/80389 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.2EPSS: 97%CPEs: 29EXPL: 0CVE-2012-1457
https://notcve.org/view.php?id=CVE-2012-1457
21 Mar 2012 — The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning E... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 2CVE-2009-4452 – Kaspersky Lab (Multiple Products) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-4452
29 Dec 2009 — Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse. Kaspersky Anti-Virus v5.0 (v5.0.712); Antivirus Personal v5.0.x; Anti-Virus v6.0 (v6.0.3.837), v7 (v7.0.1.325), 2009 (... • https://www.exploit-db.com/exploits/10484 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 4CVE-2009-4114 – Kaspersky AV 2010 9.0.0.463 - Local Denial of Service
https://notcve.org/view.php?id=CVE-2009-4114
30 Nov 2009 — kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does not properly validate input to IOCTL 0x0022c008, which allows local users to cause a denial of service (system crash) via IOCTL requests using crafted kernel addresses that trigger memory corruption, possibly related to klavemu.kdl. kl1.sys en Kaspersky Anti-Virus 2010 v9.0.0.463, y posiblemente otras versiones anteriores a la v9.0.0.736, no valida apropiadamente la entrada a IOCTL 0x0022c008, lo que permite a... • https://www.exploit-db.com/exploits/10164 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3177
https://notcve.org/view.php?id=CVE-2009-3177
11 Sep 2009 — Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, (1) "Kaspersky Online Antivirus Scanner 7.0 exploit (Linux)" and (2) "Kaspersky Online Antivirus Scanner 7.0 exploit (Windows)." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerab... • http://intevydis.com/vd-list.shtml •
CVSS: 7.5EPSS: 17%CPEs: 2EXPL: 4CVE-2009-2966 – Kaspersky 2010 - Remote Memory Corruption / Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2009-2966
25 Aug 2009 — avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters. avp.exe en Kaspersky Internet Security v9.0.0.459 y Anti-Virus v9.0.0.463 permite a atacantes remotos producir una denegación de servicio (consumo de CPU y perdida de conectividad con la red) a través de una petición de URL HTTP que contiene un gran numero de p... • https://www.exploit-db.com/exploits/9537 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2009-2647
https://notcve.org/view.php?id=CVE-2009-2647
30 Jul 2009 — Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to "an external script." Vulnerabilidad no especificada en Kaspersky Anti-Virus 2010 y Kaspersky Internet Security 2010 anteriores a Critical Fix v9.0.0.463 permite a los atacantes remotos deshabilitar la aplicación Kaspersky a través de un vector de ataque no relacionado a "una secuencia de... • http://osvdb.org/56351 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2009-0449 – Kaspersky (Multiple Products) - 'klim5.sys' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-0449
05 Feb 2009 — Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call. Desbordamiento de búfer en klim5.sys de Kaspersky Anti-Virus for Workstations v6.0 y Anti-Virus 2008, permite a usuarios locales obtener privilegios a través de una llamada IOCTL 0x80052110. • https://www.exploit-db.com/exploits/32771 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2008-1518
https://notcve.org/view.php?id=CVE-2008-1518
05 Jun 2008 — Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call. Desbordamiento de búfer basado en pila en kl1.sys en Kaspersky Anti-Virus 6.0 y 7.0, y en Internet Security 6.0 y 7.0, permite a usuarios locales aumentar privilegios a través de una llamada IOCTL 0x800520e8 • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=704 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2007-5086
https://notcve.org/view.php?id=CVE-2007-5086
26 Sep 2007 — Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly... • http://osvdb.org/37990 • CWE-20: Improper Input Validation •