CVSS: 4.3EPSS: 97%CPEs: 14EXPL: 0CVE-2012-1446
https://notcve.org/view.php?id=CVE-2012-1446
The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. El analizador de archivos ELF en Quick Heal (también conocido como Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning 5.400.0.1158, AVEngine 20101.3.0.103 de Symantec Endpoint Protection 11, Norman Antivirus 6.6.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0 .0.125, McAfee gateway (anteriormente Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Antivirus Vet 36.1.8511, Laboratorios Antiy AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, y Panda Antivirus 10.0.2.7 permite a atacantes remotos evitar la detección de malware a través de un archivo ELF con un campo encoding modificado. NOTA: esto más adelante se puede dividir en varios CVEs si la información adicional que se publica muestra que el error se produjo de forma independiente en diferentes implementaciones del analizador ELF. • http://osvdb.org/80426 http://osvdb.org/80427 http://osvdb.org/80428 http://osvdb.org/80430 http://osvdb.org/80431 http://www.ieee-security.org/TC/SP2012/program.html http://www.securityfocus.com/archive/1/522005 http://www.securityfocus.com/bid/52600 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 2CVE-2009-4452 – Kaspersky Lab (Multiple Products) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-4452
Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse. Kaspersky Anti-Virus v5.0 (v5.0.712); Antivirus Personal v5.0.x; Anti-Virus v6.0 (v6.0.3.837), v7 (v7.0.1.325), 2009 (v8.0.0.x), and 2010 (v9.0.0.463); y Internet Security v7 (v7.0.1.325), 2009 (v8.0.0.x), and 2010 (v9.0.0.463); usan permisos débiles (Todo el mundo: Control Total) en el directorio BASES, lo que permite a usuarios locales obtener privilegios de SYSTEM sustituyendo un ejecutable o DLL con un caballo de troya. • https://www.exploit-db.com/exploits/10484 http://secunia.com/advisories/37398 http://secunia.com/advisories/37730 http://www.exploit-db.com/exploits/10484 http://www.securityfocus.com/archive/1/508508/100/0/threaded http://www.securitytracker.com/id?1023366 http://www.securitytracker.com/id?1023367 http://www.vupen.com/english/advisories/2009/3573 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 4CVE-2009-4114 – Kaspersky AV 2010 9.0.0.463 - Local Denial of Service
https://notcve.org/view.php?id=CVE-2009-4114
kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does not properly validate input to IOCTL 0x0022c008, which allows local users to cause a denial of service (system crash) via IOCTL requests using crafted kernel addresses that trigger memory corruption, possibly related to klavemu.kdl. kl1.sys en Kaspersky Anti-Virus 2010 v9.0.0.463, y posiblemente otras versiones anteriores a la v9.0.0.736, no valida apropiadamente la entrada a IOCTL 0x0022c008, lo que permite a usuarios locales provocar una denegación de servicio (caída del sistema) a través de una petición IOCTL usando direcciones de kernel modificadas que provocan una corrupción de memoria, posiblemente relacionado con klavemu.kdl. • https://www.exploit-db.com/exploits/10164 http://osvdb.org/60207 http://secunia.com/advisories/37398 http://sysdream.com/article.php?story_id=323§ion_id=78 http://www.securityfocus.com/archive/1/507933/100/0/threaded http://www.securityfocus.com/bid/37044 http://www.securitytracker.com/id?1023198 http://www.vupen.com/english/advisories/2009/3286 https://exchange.xforce.ibmcloud.com/vulnerabilities/54309 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3177
https://notcve.org/view.php?id=CVE-2009-3177
Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, (1) "Kaspersky Online Antivirus Scanner 7.0 exploit (Linux)" and (2) "Kaspersky Online Antivirus Scanner 7.0 exploit (Windows)." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no específica en Kaspersky Online Scanner v7.0, tiene un impacto y verctores de ataque desconocidos, como se demostró por un módulo concreto en VulnDisco Pack Professional v8.8, (1) "Kaspersky Online Antivirus Scanner v7.0 exploit (Linux)" y (2) "Kaspersky Online Antivirus Scanner 7.0 exploit (Windows)." NOTA, como en 20090909, de esta información no se tiene información de la acción. • http://intevydis.com/vd-list.shtml http://secunia.com/advisories/36570 http://www.securityfocus.com/bid/36243 http://www.securitytracker.com/id?1022831 •
CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 4CVE-2009-2966 – Kaspersky 2010 - Remote Memory Corruption / Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2009-2966
avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters. avp.exe en Kaspersky Internet Security v9.0.0.459 y Anti-Virus v9.0.0.463 permite a atacantes remotos producir una denegación de servicio (consumo de CPU y perdida de conectividad con la red) a través de una petición de URL HTTP que contiene un gran numero de puntos ".". • https://www.exploit-db.com/exploits/9537 http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0252.html http://secunia.com/advisories/36405 http://securityreason.com/achievement_securityalert/66 http://www.h-online.com/security/Kaspersky-confirm-and-close-DoS-vulnerability--/news/114077 http://www.osvdb.org/57173 http://www.securityfocus.com/bid/36084 http://www.securitytracker.com/id?1022754 http://www.securitytracker.com/id?1022755 https://exchange.xforce.ibmcloud.com/vulnerab • CWE-399: Resource Management Errors •