Kaspersky LabKLA10234KLA10234 Multiple vulnerabilities in Kaspersky products
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
8 High
AI Score
Confidence
Low
0.505 Medium
EPSS
Percentile
97.5%
Multiple critical vulnerabilities have been found in Kaspersky Anti-Virus and Kaspersky Internet Security. Malicious users can exploit these vulnerabilities to execute arbitrary code or read & overwrite local files. Below is a complete list of vulnerabilities
- An integer overflow can be exploited remotely via a specially designed data size argument;
- Unknown vectors related to file downloading and uploading can be exploited remotely via specially designed arguments;
- A buffer overflow can be exploited remotely via specially designed ARJ files.
Original advisories
Related products
CVE list
CVE-2007-0445 critical
CVE-2007-1112 critical
CVE-2007-1879 critical
CVE-2007-1880 high
Solution
Update to latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- WLF
Write Local Files. Exploitation of vulnerabilities with this impact can lead to writing into some inaccessible files. Files that can be read depends on concrete program errors.
- RLF
Read Local Files. Exploitation of vulnerabilities with this impact can lead to reading some inaccessible files. Files that can be read depends on conсrete program errors.
Affected Products
- Kaspersky Anti-Virus version 6.0Kaspersky Internet Security version 6.0
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
8 High
AI Score
Confidence
Low
0.505 Medium
EPSS
Percentile
97.5%