[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

256610

 
 

909

 
 

199263

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-1880Date: (C)2007-04-05   (M)2023-12-22


Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned "data size argument," which results in a heap overflow.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.6
Exploit Score: 2.7
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1017872
SECTRACK-1017873
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=505
BID-23326
SECUNIA-24778
OSVDB-33851
ADV-2007-1268
http://www.kaspersky.com/technews?id=203038693
http://www.kaspersky.com/technews?id=203038694
kaspersky-klif-bo(33460)

© SecPod Technologies