Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Kaspersky_anti\-Virus
(Kaspersky_lab)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 28 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2007-09-26 | CVE-2007-5086 | Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT... | Kaspersky_anti\-Virus, Kaspersky_internet_security | N/A | ||
| 2007-04-05 | CVE-2007-1881 | Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors. | Kaspersky_anti\-Virus, Kaspersky_internet_security | N/A | ||
| 2007-04-05 | CVE-2007-1880 | Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned "data size argument," which results in a heap overflow. | Kaspersky_anti\-Virus, Kaspersky_internet_security | N/A | ||
| 2007-04-05 | CVE-2007-1879 | The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112. | Kaspersky_anti\-Virus, Kaspersky_internet_security | N/A | ||
| 2007-04-05 | CVE-2007-1112 | Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods. | Kaspersky_anti\-Virus, Kaspersky_internet_security | N/A | ||
| 2007-04-05 | CVE-2007-0445 | Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives. | Kaspersky_anti\-Virus, Kaspersky_internet_security | N/A | ||
| 2006-12-10 | CVE-2006-6408 | Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. | Kaspersky_anti\-Virus | N/A | ||
| 2006-10-20 | CVE-2006-4926 | The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp structure with invalid addresses in the 0x80052110 IOCTL. | Kaspersky_anti\-Virus, Kaspersky_anti\-Virus_personal, Kaspersky_anti\-Virus_personal_pro, Kaspersky_internet_security | N/A | ||
| 2006-03-09 | CVE-2006-1091 | Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via unknown attack vectors. | Kaspersky_anti\-Virus | N/A | ||
| 2005-11-18 | CVE-2005-3664 | Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50 allows remote attackers to execute arbitrary code via a crafted CHM file. | F\-Secure_anti\-Virus, Kaspersky_anti\-Virus, Kaspersky_anti\-Virus_personal | N/A |