CVE-2009-4452 – Kaspersky Lab (Multiple Products) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-4452
Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse. Kaspersky Anti-Virus v5.0 (v5.0.712); Antivirus Personal v5.0.x; Anti-Virus v6.0 (v6.0.3.837), v7 (v7.0.1.325), 2009 (v8.0.0.x), and 2010 (v9.0.0.463); y Internet Security v7 (v7.0.1.325), 2009 (v8.0.0.x), and 2010 (v9.0.0.463); usan permisos débiles (Todo el mundo: Control Total) en el directorio BASES, lo que permite a usuarios locales obtener privilegios de SYSTEM sustituyendo un ejecutable o DLL con un caballo de troya. • https://www.exploit-db.com/exploits/10484 http://secunia.com/advisories/37398 http://secunia.com/advisories/37730 http://www.exploit-db.com/exploits/10484 http://www.securityfocus.com/archive/1/508508/100/0/threaded http://www.securitytracker.com/id?1023366 http://www.securitytracker.com/id?1023367 http://www.vupen.com/english/advisories/2009/3573 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-2966 – Kaspersky 2010 - Remote Memory Corruption / Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2009-2966
avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters. avp.exe en Kaspersky Internet Security v9.0.0.459 y Anti-Virus v9.0.0.463 permite a atacantes remotos producir una denegación de servicio (consumo de CPU y perdida de conectividad con la red) a través de una petición de URL HTTP que contiene un gran numero de puntos ".". • https://www.exploit-db.com/exploits/9537 http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0252.html http://secunia.com/advisories/36405 http://securityreason.com/achievement_securityalert/66 http://www.h-online.com/security/Kaspersky-confirm-and-close-DoS-vulnerability--/news/114077 http://www.osvdb.org/57173 http://www.securityfocus.com/bid/36084 http://www.securitytracker.com/id?1022754 http://www.securitytracker.com/id?1022755 https://exchange.xforce.ibmcloud.com/vulnerab • CWE-399: Resource Management Errors •
CVE-2009-2647
https://notcve.org/view.php?id=CVE-2009-2647
Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to "an external script." Vulnerabilidad no especificada en Kaspersky Anti-Virus 2010 y Kaspersky Internet Security 2010 anteriores a Critical Fix v9.0.0.463 permite a los atacantes remotos deshabilitar la aplicación Kaspersky a través de un vector de ataque no relacionado a "una secuencia de comandos externa". • http://osvdb.org/56351 http://secunia.com/advisories/35978 http://www.kaspersky.com/technews?id=203038755 http://www.securityfocus.com/bid/35789 http://www.vupen.com/english/advisories/2009/1998 https://exchange.xforce.ibmcloud.com/vulnerabilities/51986 •
CVE-2008-5426
https://notcve.org/view.php?id=CVE-2008-5426
Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. Kaspersky Internet Security Suite 2009 no gestiona apropiadamente (1) mensajes de correo multipart/mixed con muchas partes MIME y posiblemente (2) mensajes de correo electrónico con muchas cabeceras "Content-type: message/rfc822;", lo que permite a atacantes remotos provocar una denegación de servicio (consumo de pila o consumo de otros recursos) mediante un correo electrónico de gran tamaño, un problema relacionado a CVE-2006-1173. • http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro http://securityreason.com/securityalert/4721 http://www.securityfocus.com/archive/1/499038/100/0/threaded http://www.securityfocus.com/archive/1/499045/100/0/threaded • CWE-399: Resource Management Errors •
CVE-2008-1518
https://notcve.org/view.php?id=CVE-2008-1518
Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call. Desbordamiento de búfer basado en pila en kl1.sys en Kaspersky Anti-Virus 6.0 y 7.0, y en Internet Security 6.0 y 7.0, permite a usuarios locales aumentar privilegios a través de una llamada IOCTL 0x800520e8 • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=704 http://secunia.com/advisories/30534 http://securitytracker.com/id?1020195 http://securitytracker.com/id?1020196 http://www.kaspersky.com/technews?id=203038727 http://www.vupen.com/english/advisories/2008/1739 https://exchange.xforce.ibmcloud.com/vulnerabilities/42849 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •