
CVE-2009-4452 – Kaspersky Lab (Multiple Products) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-4452
29 Dec 2009 — Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse. Kaspersky Anti-Virus v5.0 (v5.0.712); Antivirus Personal v5.0.x; Anti-Virus v6.0 (v6.0.3.837), v7 (v7.0.1.325), 2009 (... • https://www.exploit-db.com/exploits/10484 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2009-4114 – Kaspersky AV 2010 9.0.0.463 - Local Denial of Service
https://notcve.org/view.php?id=CVE-2009-4114
30 Nov 2009 — kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does not properly validate input to IOCTL 0x0022c008, which allows local users to cause a denial of service (system crash) via IOCTL requests using crafted kernel addresses that trigger memory corruption, possibly related to klavemu.kdl. kl1.sys en Kaspersky Anti-Virus 2010 v9.0.0.463, y posiblemente otras versiones anteriores a la v9.0.0.736, no valida apropiadamente la entrada a IOCTL 0x0022c008, lo que permite a... • https://www.exploit-db.com/exploits/10164 • CWE-20: Improper Input Validation •

CVE-2009-2966 – Kaspersky 2010 - Remote Memory Corruption / Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2009-2966
25 Aug 2009 — avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters. avp.exe en Kaspersky Internet Security v9.0.0.459 y Anti-Virus v9.0.0.463 permite a atacantes remotos producir una denegación de servicio (consumo de CPU y perdida de conectividad con la red) a través de una petición de URL HTTP que contiene un gran numero de p... • https://www.exploit-db.com/exploits/9537 • CWE-399: Resource Management Errors •

CVE-2009-0449 – Kaspersky (Multiple Products) - 'klim5.sys' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-0449
05 Feb 2009 — Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call. Desbordamiento de búfer en klim5.sys de Kaspersky Anti-Virus for Workstations v6.0 y Anti-Virus 2008, permite a usuarios locales obtener privilegios a través de una llamada IOCTL 0x80052110. • https://www.exploit-db.com/exploits/32771 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •