Lucene search
AnonymousZDI-07-013HistoryApr 05, 2007 - 12:00 a.m.
Kaspersky AntiVirus Engine ARJ Archive Parsing Heap Overflow Vulnerability
2007-04-0500:00:00
Anonymous
www.zerodayinitiative.com
7
0.505 Medium
EPSS
Percentile
97.5%
This vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of the Kaspersky Anti-Virus Engine. User interaction is not required to exploit this vulnerability. The specific flaw exists in the engineβs handling of the ARJ archive format. The Kaspersky engine copies data from scanned archives into an unchecked heap-based buffer. This results in heap corruption when a malformed ARJ archive is processed by an application that utilizes the engine. This corruption can be exploited to execute arbitrary code.
References
Related
seebug
seebug
Kaspersky AntiVirusζζ―εΌζARJζ摣解ζε ζΊ’εΊζΌζ΄
2007-04-07 00:00:00
cvelist
cvelist
CVE-2007-0445
2007-04-06 00:00:00
nvd
nvd
CVE-2007-0445
2007-04-06 00:19:00
securityvulns
securityvulns
prion
prion
Heap overflow
2007-04-06 00:19:00
cve
cve
CVE-2007-0445
2007-04-06 00:19:00
kaspersky
kaspersky
KLA10234 Multiple vulnerabilities in Kaspersky products
2007-04-05 00:00:00
nessus
nessus
Kaspersky Anti-Virus < 6.0.2.614 Multiple Vulnerabilities
2007-04-10 00:00:00