CVE-2007-5086
https://notcve.org/view.php?id=CVE-2007-5086
Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks. NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1. NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that "it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms." Kaspersky Anti-Virus (KAV) y Internet Security 7.0 construcción 125 no valida de forma adecuada ciertos parámetros en System Service Descriptor Table (SSDT) y manejadores de función Shadow SSDT, lo cual permite a usuarios locales provocar denegación de servicio (caida) a través de (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, y (7) NtUserBuildHwndList kernel SSDT enganchado en kylif.sys; el gancho(8) kernel NtDuplicateObject (DuplicateHandle) SSDT. NOTA: el vendededor cuestiona que el vector DuplicateHandle es una vulnerabilidad en su código, basándose en que "no es un error de nuestro código, pero un método oscuro para la manipulación estandar de las rutinas de windows sortea nuestros mecanismos de autodefensa". • http://osvdb.org/37990 http://secunia.com/advisories/26887 http://www.kaspersky.com/technews?id=203038706 http://www.rootkit.com/newsread.php?newsid=778 http://www.vupen.com/english/advisories/2007/3259 • CWE-20: Improper Input Validation •
CVE-2007-5043
https://notcve.org/view.php?id=CVE-2007-5043
Kaspersky Internet Security 7.0.0.125 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to (1) cause a denial of service (crash) and possibly gain privileges via the NtCreateSection kernel SSDT hook or (2) cause a denial of service (avp.exe service outage) via the NtLoadDriver kernel SSDT hook. NOTE: this issue may partially overlap CVE-2006-3074. Kaspersky Internet Security 7.0.0.125 no valida de forma adecuada ciertos parámetros en los manejadores de función System Service Descriptor Table (SSDT), el cual permite a usuarios locales (1) provocar denegación de servicio (caida) y posiblemente ganar privilegios a través del secuestro de NtCreateSection kernel SSDT o (2) provocar denegación de servicio (apagón del servicio avp.exe) a través del secuestro de NtLoadDriver kernel SSDT. NOTA: este asunto podría estar parcialmente solapado con CVE-2006-3074. • http://securityreason.com/securityalert/3161 http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php http://www.securityfocus.com/archive/1/479830/100/0/threaded • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-1881 – Kaspersky AntiVirus 6.0 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-1881
Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors. Vulnerabilidad no especificada en KLIF (klif.sys) de Kaspersky Anti-Virus, Anti-Virus para estaciones de trabajo, y Anti-Virus para Servidores de archivos 6.0, e Internet Security 6.0 versiones anteriores a Maintenance Pack 2 build 6.0.2.614 permite a usuarios locales obtener privilegios Ring-0 mediante vectores no especificados. • https://www.exploit-db.com/exploits/3131 http://secunia.com/advisories/24778 http://www.kaspersky.com/technews?id=203038693 http://www.kaspersky.com/technews?id=203038694 http://www.osvdb.org/33852 http://www.vupen.com/english/advisories/2007/1268 •
CVE-2007-1880
https://notcve.org/view.php?id=CVE-2007-1880
Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned "data size argument," which results in a heap overflow. Desbordamiento de búfer de entero en la función _NtSetValueKey en klif.sys en Kaspersky Anti-Virus, Anti-Virus para estaciones de trabajo, Anti-Virus para File Server 6.0, e Internet Security 6.0 anterior a Maintenance Pack 2 construcción 6.0.2.614 permite a atacantes dependientes del contexto ejecutar código de su elección a través de un argumento de tamaño de datos no asignado, el cual resulta en un desbordamiento de pila. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=505 http://secunia.com/advisories/24778 http://www.kaspersky.com/technews?id=203038693 http://www.kaspersky.com/technews?id=203038694 http://www.osvdb.org/33851 http://www.securityfocus.com/bid/23326 http://www.securitytracker.com/id?1017872 http://www.securitytracker.com/id? •
CVE-2007-1879
https://notcve.org/view.php?id=CVE-2007-1879
The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112. La función StartUploading del control de ActiveX KL.SysInfo (AxKLSysInfo.dll) en el Anti-Virus Kaspersky 6.0 y Internet Security 6.0 antes del parche de mantenimiento 2 versión 6.0.2.614 permite a atacantes remotos leer ficheros de su elección disparando una sesión FTP anónima de salida que invoca a un comando PUT. NOTA: esta vulnerabilidad puede estar relacionada con la CVE-2007-1112. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504 http://secunia.com/advisories/24778 http://www.kaspersky.com/technews?id=203038694 http://www.securityfocus.com/bid/23325 http://www.securitytracker.com/id?1017871 http://www.vupen.com/english/advisories/2007/1268 https://exchange.xforce.ibmcloud.com/vulnerabilities/33464 •