CVE-2007-1880

2007-04-0600:19:00

[email protected]

web.nvd.nist.gov

cve-2007-1880

integer overflow

klif.sys

kaspersky anti-virus

arbitrary code execution

nvd

6.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.1%

JSON

Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned “data size argument,” which results in a heap overflow.

Affected configurations

NVD

Node

kaspersky_labkaspersky_anti-virusRange≤6.0file_servers

kaspersky_labkaspersky_anti-virusRange≤6.0windows_workstation

kaspersky_labkaspersky_anti-virusMatch6.0

kaspersky_labkaspersky_internet_securityRange≤6.0.1.411

CPENameOperatorVersion
kaspersky_lab:kaspersky_anti-viruskaspersky lab kaspersky anti-virusle6.0
kaspersky_lab:kaspersky_internet_securitykaspersky lab kaspersky internet securityle6.0.1.411

CPE	Name	Operator	Version
kaspersky_lab:kaspersky_anti-virus	kaspersky lab kaspersky anti-virus	le	6.0
kaspersky_lab:kaspersky_internet_security	kaspersky lab kaspersky internet security	le	6.0.1.411