Lucene search

[email protected]CVE-2010-3396

HistorySep 15, 2010 - 6:00 p.m.

CVE-2010-3396

2010-09-1518:00:44

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-3396

buffer overflow

kavfm.sys

kingsoft antivirus

arbitrary code execution

nvd

security vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

kingsoftkingsoft_antivirusRange≤2010.04.26.648

CPENameOperatorVersion
kingsoft:kingsoft_antiviruskingsoft kingsoft antivirusle2010.04.26.648

CPE	Name	Operator	Version
kingsoft:kingsoft_antivirus	kingsoft kingsoft antivirus	le	2010.04.26.648

References

secunia.com/advisories/41393

www.exploit-db.com/exploits/14987

www.securityfocus.com/bid/43173

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6650

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2010-3396

cvelist1 prion1 nvd1 openvas2