CVE-2007-1880

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned "data size argument," which results in a heap overflow.

Desbordamiento de búfer de entero en la función _NtSetValueKey en klif.sys en Kaspersky Anti-Virus, Anti-Virus para estaciones de trabajo, Anti-Virus para File Server 6.0, e Internet Security 6.0 anterior a Maintenance Pack 2 construcción 6.0.2.614 permite a atacantes dependientes del contexto ejecutar código de su elección a través de un argumento de tamaño de datos no asignado, el cual resulta en un desbordamiento de pila.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-04-05 CVE Reserved
2007-04-06 CVE Published
2024-08-07 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (10)

URL	Tag	Source
http://www.kaspersky.com/technews?id=203038693	X_refsource_confirm
http://www.kaspersky.com/technews?id=203038694	X_refsource_confirm
http://www.osvdb.org/33851	Vdb Entry
http://www.securityfocus.com/bid/23326	Vdb Entry
http://www.securitytracker.com/id?1017872	Vdb Entry
http://www.securitytracker.com/id?1017873	Vdb Entry
http://www.vupen.com/english/advisories/2007/1268	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/33460	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=505	2017-07-29
http://secunia.com/advisories/24778	2017-07-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Kaspersky Lab Search vendor "Kaspersky Lab"		Kaspersky Anti-virus Search vendor "Kaspersky Lab" for product "Kaspersky Anti-virus"				<= 6.0 Search vendor "Kaspersky Lab" for product "Kaspersky Anti-virus" and version " <= 6.0"		file_servers		Affected
Kaspersky Lab Search vendor "Kaspersky Lab"		Kaspersky Anti-virus Search vendor "Kaspersky Lab" for product "Kaspersky Anti-virus"				<= 6.0 Search vendor "Kaspersky Lab" for product "Kaspersky Anti-virus" and version " <= 6.0"		windows_workstation		Affected
Kaspersky Lab Search vendor "Kaspersky Lab"		Kaspersky Anti-virus Search vendor "Kaspersky Lab" for product "Kaspersky Anti-virus"				6.0 Search vendor "Kaspersky Lab" for product "Kaspersky Anti-virus" and version "6.0"		-		Affected
Kaspersky Lab Search vendor "Kaspersky Lab"		Kaspersky Internet Security Search vendor "Kaspersky Lab" for product "Kaspersky Internet Security"				<= 6.0.1.411 Search vendor "Kaspersky Lab" for product "Kaspersky Internet Security" and version " <= 6.0.1.411"		-		Affected