CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2010-5163
https://notcve.org/view.php?id=CVE-2010-5163
25 Aug 2012 — Race condition in Kaspersky Internet Security 2010 9.0.0.736 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program ... • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 2CVE-2009-4452 – Kaspersky Lab (Multiple Products) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-4452
29 Dec 2009 — Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse. Kaspersky Anti-Virus v5.0 (v5.0.712); Antivirus Personal v5.0.x; Anti-Virus v6.0 (v6.0.3.837), v7 (v7.0.1.325), 2009 (... • https://www.exploit-db.com/exploits/10484 • CWE-264: Permissions, Privileges, and Access Controls •