CVSS: 7.5EPSS: 11%CPEs: 2EXPL: 4CVE-2009-2966 – Kaspersky 2010 - Remote Memory Corruption / Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2009-2966
25 Aug 2009 — avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters. avp.exe en Kaspersky Internet Security v9.0.0.459 y Anti-Virus v9.0.0.463 permite a atacantes remotos producir una denegación de servicio (consumo de CPU y perdida de conectividad con la red) a través de una petición de URL HTTP que contiene un gran numero de p... • https://www.exploit-db.com/exploits/9537 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2009-2647
https://notcve.org/view.php?id=CVE-2009-2647
30 Jul 2009 — Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to "an external script." Vulnerabilidad no especificada en Kaspersky Anti-Virus 2010 y Kaspersky Internet Security 2010 anteriores a Critical Fix v9.0.0.463 permite a los atacantes remotos deshabilitar la aplicación Kaspersky a través de un vector de ataque no relacionado a "una secuencia de... • http://osvdb.org/56351 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2009-0449 – Kaspersky (Multiple Products) - 'klim5.sys' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-0449
05 Feb 2009 — Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call. Desbordamiento de búfer en klim5.sys de Kaspersky Anti-Virus for Workstations v6.0 y Anti-Virus 2008, permite a usuarios locales obtener privilegios a través de una llamada IOCTL 0x80052110. • https://www.exploit-db.com/exploits/32771 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2008-5426
https://notcve.org/view.php?id=CVE-2008-5426
11 Dec 2008 — Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. Kaspersky Internet Security Suite 2009 no gestiona apropiadamente (1) mensajes de correo multipart/mixed con muchas partes MIME y posibl... • http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2008-1518
https://notcve.org/view.php?id=CVE-2008-1518
05 Jun 2008 — Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call. Desbordamiento de búfer basado en pila en kl1.sys en Kaspersky Anti-Virus 6.0 y 7.0, y en Internet Security 6.0 y 7.0, permite a usuarios locales aumentar privilegios a través de una llamada IOCTL 0x800520e8 • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=704 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 7%CPEs: 1EXPL: 0CVE-2007-3675
https://notcve.org/view.php?id=CVE-2007-3675
12 Oct 2007 — Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger heap-based buffer overflows. Múltiples vulnerabilidades de cadena de formato en el control ActiveX kavwebscan.CKAVWebScan (kavwebscan.dll) de Kaspersky Online Scanner anterior a 5.0.98 permite a atacantes remotos ejecutar código de su... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=606 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2007-5086
https://notcve.org/view.php?id=CVE-2007-5086
26 Sep 2007 — Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly... • http://osvdb.org/37990 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5043
https://notcve.org/view.php?id=CVE-2007-5043
24 Sep 2007 — Kaspersky Internet Security 7.0.0.125 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to (1) cause a denial of service (crash) and possibly gain privileges via the NtCreateSection kernel SSDT hook or (2) cause a denial of service (avp.exe service outage) via the NtLoadDriver kernel SSDT hook. NOTE: this issue may partially overlap CVE-2006-3074. Kaspersky Internet Security 7.0.0.125 no valida de forma adecuada ciertos paráme... • http://securityreason.com/securityalert/3161 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4206
https://notcve.org/view.php?id=CVE-2007-4206
08 Aug 2007 — Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets incorrect permissions for application files in certain upgrade scenarios, which might allow local users to gain privileges. El Kaspersky Anti-Spam 3.0 MP1 anterior al Critical Fix 2 (3.0.278.4) establece permisos incorrectos para los ficheros de aplicación en ciertos escenarios mejorados, lo que permite a usuarios locales obtener privilegios. • http://osvdb.org/37216 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3906
https://notcve.org/view.php?id=CVE-2007-3906
19 Jul 2007 — Unspecified vulnerability in Kaspersky Anti-Virus for Check Point FireWall-1 before Critical Fix 1 (5.5.161.0) might allow attackers to cause a denial of service (kernel hang) via unspecified vectors. NOTE: it is not clear whether there is an attacker role. Vulnerabilidad sin especificar en el Anti-Virus Kaspersky para el Check Point FireWall-1 anterior al Critical Fix 1 (5.5.161.0) puede permitir a atacantes provocar una denegación de servicio (cuelgue del kernel) a través de vectores sin especificar. NOTA... • http://osvdb.org/36127 •