Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2009-4452
HistoryDec 29, 2009 - 8:41 p.m.

CVE-2009-4452

2009-12-2920:41:20
CWE-264
mitre
web.nvd.nist.gov
35
kaspersky
anti-virus
vulnerability
weak permissions
local users
trojan horse
nvd

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.6

Confidence

High

EPSS

0

Percentile

0.4%

JSON

Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse.

Affected configurations

Nvd
Node
kaspersky_labkaspersky_anti-virusMatch5.0.712windows_workstations
OR
kaspersky_labkaspersky_anti-virusMatch6.0.3.837windows_file_servers
OR
kaspersky_labkaspersky_anti-virusMatch6.0.3.837windows_workstation
OR
kaspersky_labkaspersky_anti-virusMatch7.0.1.325
OR
kaspersky_labkaspersky_anti-virus_2009Match8.0.0.454
OR
kaspersky_labkaspersky_anti-virus_2010Match9.0.0.463
OR
kaspersky_labkaspersky_anti-virus_personalMatch5.0
OR
kaspersky_labkaspersky_anti-virus_personalMatch5.0.227
OR
kaspersky_labkaspersky_anti-virus_personalMatch5.0.228
OR
kaspersky_labkaspersky_anti-virus_personalMatch5.0.325
OR
kaspersky_labkaspersky_internet_securityMatch7.0.1.325
OR
kaspersky_labkaspersky_internet_security_2009Match8.0.0.506
OR
kaspersky_labkaspersky_internet_security_2010Match9.0.0.463
VendorProductVersionCPE
kaspersky_labkaspersky_anti-virus5.0.712cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:5.0.712:*:windows_workstations:*:*:*:*:*
kaspersky_labkaspersky_anti-virus6.0.3.837cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0.3.837:*:windows_file_servers:*:*:*:*:*
kaspersky_labkaspersky_anti-virus6.0.3.837cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0.3.837:*:windows_workstation:*:*:*:*:*
kaspersky_labkaspersky_anti-virus7.0.1.325cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:7.0.1.325:*:*:*:*:*:*:*
kaspersky_labkaspersky_anti-virus_20098.0.0.454cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus_2009:8.0.0.454:*:*:*:*:*:*:*
kaspersky_labkaspersky_anti-virus_20109.0.0.463cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus_2010:9.0.0.463:*:*:*:*:*:*:*
kaspersky_labkaspersky_anti-virus_personal5.0cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus_personal:5.0:*:*:*:*:*:*:*
kaspersky_labkaspersky_anti-virus_personal5.0.227cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus_personal:5.0.227:*:*:*:*:*:*:*
kaspersky_labkaspersky_anti-virus_personal5.0.228cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus_personal:5.0.228:*:*:*:*:*:*:*
kaspersky_labkaspersky_anti-virus_personal5.0.325cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus_personal:5.0.325:*:*:*:*:*:*:*
Rows per page:
1-10 of 131

Related

cvelist 1
exploitdb 1
nvd 1
openvas 2
prion 1
cvelist
cvelist
CVE-2009-4452
2009-12-29 20:15:00
exploitdb
exploitdb
Kaspersky Lab (Multiple Products) - Local Privilege Escalation
2009-12-16 00:00:00
nvd
nvd
CVE-2009-4452
2009-12-29 20:41:20
openvas
openvas
Kaspersky Products Privilege Escalation Vulnerability
2010-01-09 00:00:00
Kaspersky Products Privilege Escalation Vulnerability
2010-01-09 00:00:00
prion
prion
Design/Logic Flaw
2009-12-29 20:41:00

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.6

Confidence

High

EPSS

0

Percentile

0.4%

JSON
Related for CVE-2009-4452
cvelist1exploitdb1nvd1openvas2prion1