Search...

Kaspersky Anti-Virus < 6.0.2.614 Multiple Vulnerabilities

2007-04-10T00:00:00

ID KASPERSKY_AV6_MULT_VULNS.NASL
Type nessus
Reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
Modified 2021-01-02T00:00:00

Description

The version of the Kaspersky antivirus product installed on the remote host may be affected by buffer overflow, privilege escalation, and information disclosure vulnerabilities, depending on the actual product installed.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#



include("compat.inc");

if (description)
{
  script_id(25021);
  script_version("1.21");

  script_cve_id(
    "CVE-2007-0445", 
    "CVE-2007-1112", 
    "CVE-2007-1879", 
    "CVE-2007-1880", 
    "CVE-2007-1881"
 );
  script_bugtraq_id(
    23325, 
    23326, 
    23345, 
    23346
 );

  script_name(english:"Kaspersky Anti-Virus &lt; 6.0.2.614 Multiple Vulnerabilities");
  script_summary(english:"Checks product version");

 script_set_attribute(attribute:"synopsis", value:
"The remote Windows host contains an application that is prone to
various issues." );
 script_set_attribute(attribute:"description", value:
"The version of the Kaspersky antivirus product installed on the remote
host may be affected by buffer overflow, privilege escalation, and
information disclosure vulnerabilities, depending on the actual
product installed." );
  # http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=504
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8d1fc561" );
  # http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=505
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?09f76718" );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2007/Apr/104" );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2007/Apr/105" );
 script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-07-013/" );
 script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-07-014/" );
  # http://web.archive.org/web/20101004053627/http://www.kaspersky.com/technews?id=203038693
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b44c0d6c" );
  # http://web.archive.org/web/20100722074058/http://www.kaspersky.com/technews?id=203038694
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ce1089e5" );
 script_set_attribute(attribute:"solution", value:
"If using Kaspersky Anti-Virus / Kaspersky Internet Security, upgrade
to build 6.0.2.614 or later.

If using Kaspersky Anti-Virus for Windows File Servers / Kaspersky
Anti-Virus for Windows Workstation, upgrade to version 6.0 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2007/04/10");
 script_set_attribute(attribute:"vuln_publication_date", value: "2007/04/04");
 script_cvs_date("Date: 2018/11/15 20:50:27");
 script_set_attribute(attribute:"patch_publication_date", value: "2007/04/04");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe",value:"cpe:/a:kaspersky_lab:kaspersky_anti-virus");
script_end_attributes();


  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");

  script_dependencies("kaspersky_installed.nasl");
  script_require_keys("Antivirus/Kaspersky/installed");

  exit(0);
}


# Check for issues from tech news id# 203038693.
prods = make_list(
  "Kaspersky Anti-Virus for Windows File Servers",
  "Kaspersky Anti-Virus for Windows Workstations" 
);
foreach prod (prods)
{
  install = get_kb_item("Antivirus/Kaspersky/" + prod);
  if (!isnull(install))
  {
    matches = eregmatch(pattern:"^([0-9.]+) in (.*)$", string:install);
    if (!isnull(matches))
    {
      ver = matches[1];
      iver = split(ver, sep:'.', keep:FALSE);
      for (i=0; i&lt;max_index(iver); i++)
        iver[i] = int(iver[i]);

      # nb: versions below 6.0 are affected.
      if (iver[0] &lt; 6)
      {
        report = string(
          "\n",
          "  Product : ", prod, "\n",
          "  Version : ", ver, "\n"
        );
        security_hole(port:get_kb_item("SMB/transport"), extra:report);
        exit(0);
      }
    }
  }
}


# Check for issues from tech news id# 203038694.
prods = make_list(
  "Kaspersky Anti-Virus", 
  "Kaspersky Internet Security"
);
foreach prod (prods)
{
  install = get_kb_item("Antivirus/Kaspersky/" + prod);
  if (!isnull(install))
  {
    matches = eregmatch(pattern:"^([0-9.]+) in (.*)$", string:install);
    if (!isnull(matches))
    {
      ver = matches[1];
      iver = split(ver, sep:'.', keep:FALSE);
      for (i=0; i&lt;max_index(iver); i++)
        iver[i] = int(iver[i]);

      # nb: versions 6.0 below 6.0.2.614 are affected.
      if (
        iver[0] == 6 && iver[1] == 0 && 
        (
          iver[2] &lt; 2 ||
          (iver[2] == 2 && iver[3] &lt; 614)
        )
      )
      {
        report = string(
          "\n",
          "  Product : ", prod, "\n",
          "  Version : ", ver, "\n"
        );
        security_hole(port:get_kb_item("SMB/transport"), extra:report);
        exit(0);
      }
    }
  }
}

JSON Vulners Source

Initial Source

{"id": "KASPERSKY_AV6_MULT_VULNS.NASL", "bulletinFamily": "scanner", "title": "Kaspersky Anti-Virus < 6.0.2.614 Multiple Vulnerabilities", "description": "The version of the Kaspersky antivirus product installed on the remote\nhost may be affected by buffer overflow, privilege escalation, and\ninformation disclosure vulnerabilities, depending on the actual\nproduct installed.", "published": "2007-04-10T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/25021", "reporter": "This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?09f76718", "https://seclists.org/bugtraq/2007/Apr/105", "https://seclists.org/bugtraq/2007/Apr/104", "http://www.nessus.org/u?ce1089e5", "https://www.zerodayinitiative.com/advisories/ZDI-07-013/", "http://www.nessus.org/u?8d1fc561", "http://www.nessus.org/u?b44c0d6c", "https://www.zerodayinitiative.com/advisories/ZDI-07-014/"], "cvelist": ["CVE-2007-1880", "CVE-2007-0445", "CVE-2007-1879", "CVE-2007-1112", "CVE-2007-1881"], "type": "nessus", "lastseen": "2021-01-01T03:19:46", "edition": 25, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:16600", "SECURITYVULNS:VULN:7536", "SECURITYVULNS:DOC:16599"]}, {"type": "kaspersky", "idList": ["KLA10234"]}, {"type": "cve", "idList": ["CVE-2007-0445", "CVE-2007-1879", "CVE-2007-1880", "CVE-2007-1112", "CVE-2007-1881"]}, {"type": "osvdb", "idList": ["OSVDB:34328", "OSVDB:33852", "OSVDB:33848", "OSVDB:33850", "OSVDB:33851", "OSVDB:33849"]}, {"type": "zdi", "idList": ["ZDI-07-014", "ZDI-07-013"]}, {"type": "seebug", "idList": ["SSV:1603"]}], "modified": "2021-01-01T03:19:46", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-01-01T03:19:46", "rev": 2}, "vulnersScore": 7.1}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25021);\n script_version(\"1.21\");\n\n script_cve_id(\n \"CVE-2007-0445\", \n \"CVE-2007-1112\", \n \"CVE-2007-1879\", \n \"CVE-2007-1880\", \n \"CVE-2007-1881\"\n );\n script_bugtraq_id(\n 23325, \n 23326, \n 23345, \n 23346\n );\n\n script_name(english:\"Kaspersky Anti-Virus < 6.0.2.614 Multiple Vulnerabilities\");\n script_summary(english:\"Checks product version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that is prone to\nvarious issues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of the Kaspersky antivirus product installed on the remote\nhost may be affected by buffer overflow, privilege escalation, and\ninformation disclosure vulnerabilities, depending on the actual\nproduct installed.\" );\n # http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=504\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d1fc561\" );\n # http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=505\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09f76718\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2007/Apr/104\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2007/Apr/105\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-07-013/\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-07-014/\" );\n # http://web.archive.org/web/20101004053627/http://www.kaspersky.com/technews?id=203038693\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b44c0d6c\" );\n # http://web.archive.org/web/20100722074058/http://www.kaspersky.com/technews?id=203038694\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ce1089e5\" );\n script_set_attribute(attribute:\"solution\", value:\n\"If using Kaspersky Anti-Virus / Kaspersky Internet Security, upgrade\nto build 6.0.2.614 or later.\n\nIf using Kaspersky Anti-Virus for Windows File Servers / Kaspersky\nAnti-Virus for Windows Workstation, upgrade to version 6.0 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/04/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2007/04/04\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2007/04/04\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\",value:\"cpe:/a:kaspersky_lab:kaspersky_anti-virus\");\nscript_end_attributes();\n\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"kaspersky_installed.nasl\");\n script_require_keys(\"Antivirus/Kaspersky/installed\");\n\n exit(0);\n}\n\n\n# Check for issues from tech news id# 203038693.\nprods = make_list(\n \"Kaspersky Anti-Virus for Windows File Servers\",\n \"Kaspersky Anti-Virus for Windows Workstations\" \n);\nforeach prod (prods)\n{\n install = get_kb_item(\"Antivirus/Kaspersky/\" + prod);\n if (!isnull(install))\n {\n matches = eregmatch(pattern:\"^([0-9.]+) in (.*)$\", string:install);\n if (!isnull(matches))\n {\n ver = matches[1];\n iver = split(ver, sep:'.', keep:FALSE);\n for (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n # nb: versions below 6.0 are affected.\n if (iver[0] < 6)\n {\n report = string(\n \"\\n\",\n \" Product : \", prod, \"\\n\",\n \" Version : \", ver, \"\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n exit(0);\n }\n }\n }\n}\n\n\n# Check for issues from tech news id# 203038694.\nprods = make_list(\n \"Kaspersky Anti-Virus\", \n \"Kaspersky Internet Security\"\n);\nforeach prod (prods)\n{\n install = get_kb_item(\"Antivirus/Kaspersky/\" + prod);\n if (!isnull(install))\n {\n matches = eregmatch(pattern:\"^([0-9.]+) in (.*)$\", string:install);\n if (!isnull(matches))\n {\n ver = matches[1];\n iver = split(ver, sep:'.', keep:FALSE);\n for (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n # nb: versions 6.0 below 6.0.2.614 are affected.\n if (\n iver[0] == 6 && iver[1] == 0 && \n (\n iver[2] < 2 ||\n (iver[2] == 2 && iver[3] < 614)\n )\n )\n {\n report = string(\n \"\\n\",\n \" Product : \", prod, \"\\n\",\n \" Version : \", ver, \"\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n exit(0);\n }\n }\n }\n}\n", "naslFamily": "Windows", "pluginID": "25021", "cpe": ["cpe:/a:kaspersky_lab:kaspersky_anti-virus"], "scheme": null}

{"securityvulns": [{"lastseen": "2018-08-31T11:09:25", "bulletinFamily": "software", "cvelist": ["CVE-2007-1880", "CVE-2007-0445", "CVE-2007-1879", "CVE-2007-1112", "CVE-2007-1881"], "description": "Multiple unsafe ActiveX methods allows files uploading from vulnerable host. Buffer overflow on ARJ files parsing. Local driver buffer overflow.", "edition": 1, "modified": "2007-04-06T00:00:00", "published": "2007-04-06T00:00:00", "id": "SECURITYVULNS:VULN:7536", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7536", "title": "Multiple Kaspersky Antivirus / Internet Security security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:21", "bulletinFamily": "software", "cvelist": ["CVE-2007-1112"], "description": "ZDI-07-014: Kaspersky Anti-Virus ActiveX Control Unsafe Method Exposure \r\nVulnerablity\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-07-014.html\r\nApril 5, 2007\r\n\r\n-- CVE ID:\r\nCVE-2007-1112\r\n\r\n-- Affected Vendor:\r\nKaspersky\r\n\r\n-- Affected Products:\r\nAnti-Virus 6.0\r\nInternet Security 6.0\r\n\r\n-- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability since February 2, 2007 by Digital Vaccine protection\r\nfilter ID 5061, 5062. For further product information on the TippingPoint \r\nIPS:\r\n\r\n http://www.tippingpoint.com \r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to download and remove any\r\nfile on vulnerable installations of Kaspersky Anti-Virus. User\r\ninteraction is required to exploit this vulnerability in that the\r\ntarget must visit a malicious page.\r\n\r\nThe specific flaws exist within the ActiveX controls\r\nAXKLPROD60Lib.KAV60Info and AXKLSYSINFOLib.SysInfo defined in the\r\nfollowing DLLs/CLSIDs:\r\n\r\n DLL: AxKLProd60.dll\r\n CLSID: D9EC22E7-1A86-4F7C-8940-0303AE5D6756\r\n\r\n DLL: AxKLSysInfo.dll\r\n CLSID: BA61606B-258C-4021-AD27-E07A3F3B91DB\r\n\r\nSeveral methods exposed by these ActiveX controls can be abused by\r\nattackers:\r\n\r\n Function DeleteFile (\r\n ByVal strFileName As String\r\n )\r\n\r\n Function StartBatchUploading (\r\n ByVal arrFiles As Variant ,\r\n ByVal strFTPAddress As String ,\r\n ByVal strFTPUploadPath As String\r\n ) As Long\r\n \r\n Function StartStrBatchUploading (\r\n ByVal strFiles As String ,\r\n ByVal strFTPAddress As String ,\r\n ByVal strFTPUploadPath As String\r\n ) As Long\r\n \r\n Function StartUploading (\r\n ByVal strFilePath As String ,\r\n ByVal strFTPAddress As String ,\r\n ByVal strFTPUploadPath As String\r\n ) As Long\r\n\r\n-- Vendor Response:\r\nKaspersky has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://www.kaspersky.com/technews?id=203038693\r\n\r\n-- Disclosure Timeline:\r\n2007.01.08 - Vulnerability reported to vendor\r\n2007.02.02 - Digital Vaccine released to TippingPoint customers\r\n2007.04.05 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by an anonymous researcher.\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, a division of 3Com, The Zero Day Initiative\r\n(ZDI) represents a best-of-breed model for rewarding security\r\nresearchers for responsibly disclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is used.\r\n3Com does not re-sell the vulnerability details or any exploit code.\r\nInstead, upon notifying the affected product vendor, 3Com provides its\r\ncustomers with zero day protection through its intrusion prevention\r\ntechnology. Explicit details regarding the specifics of the\r\nvulnerability are not exposed to any parties until an official vendor\r\npatch is publicly available. Furthermore, with the altruistic aim of\r\nhelping to secure a broader user base, 3Com provides this vulnerability\r\ninformation confidentially to security vendors (including competitors)\r\nwho have a vulnerability protection or mitigation product.\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "edition": 1, "modified": "2007-04-06T00:00:00", "published": "2007-04-06T00:00:00", "id": "SECURITYVULNS:DOC:16600", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16600", "title": "[Full-disclosure] ZDI-07-014: Kaspersky Anti-Virus ActiveX Control Unsafe Method Exposure Vulnerablity", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:21", "bulletinFamily": "software", "cvelist": ["CVE-2007-0445"], "description": "ZDI-07-013: Kaspersky AntiVirus Engine ARJ Archive Parsing Heap Overflow\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-07-013.html\r\nApril 5, 2007\r\n\r\n-- CVE ID:\r\nCVE-2007-0445\r\n\r\n-- Affected Vendor:\r\nKaspersky\r\n\r\n-- Affected Products:\r\nAnti-Virus 6.0\r\nInternet Security 6.0\r\nAnti-Virus for Workstation\r\nFile Server version 6.0\r\n\r\n-- TippingPoint(TM) IPS Customer Protection:\r\nTippingPoint IPS customers have been protected against this\r\nvulnerability since December 12, 2006 by Digital Vaccine protection\r\nfilter ID 4930. For further product information on the TippingPoint IPS:\r\n\r\n http://www.tippingpoint.com \r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nsystems with affected installations of the Kaspersky Anti-Virus Engine.\r\nUser interaction is not required to exploit this vulnerability.\r\n\r\nThe specific flaw exists in the engine's handling of the ARJ archive\r\nformat. The Kaspersky engine copies data from scanned archives into an\r\nunchecked heap-based buffer. This results in heap corruption when a\r\nmalformed ARJ archive is processed by an application that utilizes the\r\nengine. This corruption can be exploited to execute arbitrary code.\r\n\r\n-- Vendor Response:\r\nKaspersky has issued an update to correct this vulnerability. More\r\ndetails can be found at:\r\n\r\nhttp://www.kaspersky.com/technews?id=203038693\r\nhttp://www.kaspersky.com/technews?id=203038694\r\n\r\n\r\n-- Disclosure Timeline:\r\n2006.11.09 - Vulnerability reported to vendor\r\n2006.12.12 - Digital Vaccine released to TippingPoint customers\r\n2007.04.05 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by an anonymous researcher.\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, a division of 3Com, The Zero Day Initiative\r\n(ZDI) represents a best-of-breed model for rewarding security\r\nresearchers for responsibly disclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is used.\r\n3Com does not re-sell the vulnerability details or any exploit code.\r\nInstead, upon notifying the affected product vendor, 3Com provides its\r\ncustomers with zero day protection through its intrusion prevention\r\ntechnology. Explicit details regarding the specifics of the\r\nvulnerability are not exposed to any parties until an official vendor\r\npatch is publicly available. Furthermore, with the altruistic aim of\r\nhelping to secure a broader user base, 3Com provides this vulnerability\r\ninformation confidentially to security vendors (including competitors)\r\nwho have a vulnerability protection or mitigation product.\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "edition": 1, "modified": "2007-04-06T00:00:00", "published": "2007-04-06T00:00:00", "id": "SECURITYVULNS:DOC:16599", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16599", "title": "[Full-disclosure] ZDI-07-013: Kaspersky AntiVirus Engine ARJ Archive Parsing Heap Overflow Vulnerability", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2020-09-02T11:47:06", "bulletinFamily": "info", "cvelist": ["CVE-2007-1880", "CVE-2007-0445", "CVE-2007-1879", "CVE-2007-1112"], "description": "### *Detect date*:\n04/05/2007\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple critical vulnerabilities have been found in Kaspersky Anti-Virus and Kaspersky Internet Security. Malicious users can exploit these vulnerabilities to execute arbitrary code or read & overwrite local files. Below is a complete list of vulnerabilities\n\n### *Affected products*:\nKaspersky Anti-Virus version 6.0 \nKaspersky Internet Security version 6.0\n\n### *Solution*:\nUpdate to latest version\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Kaspersky Internet Security](<https://threats.kaspersky.com/en/product/Kaspersky-Internet-Security/>)\n\n### *CVE-IDS*:\n[CVE-2007-0445](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0445>)10.0Critical \n[CVE-2007-1112](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1112>)10.0Critical \n[CVE-2007-1879](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1879>)9.3Critical \n[CVE-2007-1880](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1880>)6.6High", "edition": 43, "modified": "2020-05-22T00:00:00", "published": "2007-04-05T00:00:00", "id": "KLA10234", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10234", "title": "\r KLA10234Multiple vulnerabilities in Kaspersky products ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-12-09T19:26:05", "description": "Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned \"data size argument,\" which results in a heap overflow.\nThe vendor has addressed this vulnerability within Maintenance Pack 2. More information is available from the following link: \r\nhttp://www.kaspersky.com/technews?id=203038693 \r\n\r\n", "edition": 5, "cvss3": {}, "published": "2007-04-06T00:19:00", "title": "CVE-2007-1880", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.7, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.6, "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1880"], "modified": "2017-07-29T01:31:00", "cpe": ["cpe:/a:kaspersky_lab:kaspersky_internet_security:6.0.1.411", "cpe:/a:kaspersky_lab:kaspersky_anti-virus:6.0"], "id": "CVE-2007-1880", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1880", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0:*:windows_workstation:*:*:*:*:*", "cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:kaspersky_lab:kaspersky_internet_security:6.0.1.411:*:*:*:*:*:*:*", "cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0:*:file_servers:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:26:05", "description": "The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112.", "edition": 5, "cvss3": {}, "published": "2007-04-06T00:19:00", "title": "CVE-2007-1879", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1879"], "modified": "2017-07-29T01:31:00", "cpe": ["cpe:/a:kaspersky_lab:kaspersky_internet_security:6.0.1.411", "cpe:/a:kaspersky_lab:kaspersky_anti-virus:6.0"], "id": "CVE-2007-1879", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1879", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0:*:windows_workstation:*:*:*:*:*", "cpe:2.3:a:kaspersky_lab:kaspersky_internet_security:6.0.1.411:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:26:05", "description": "Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors.", "edition": 5, "cvss3": {}, "published": "2007-04-06T00:19:00", "title": "CVE-2007-1881", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.1, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.8, "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1881"], "modified": "2011-03-08T02:53:00", "cpe": ["cpe:/a:kaspersky_lab:kaspersky_internet_security:6.0.1.411", "cpe:/a:kaspersky_lab:kaspersky_anti-virus:6.0"], "id": "CVE-2007-1881", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1881", "cvss": {"score": 6.8, "vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0:*:workstations:*:*:*:*:*", "cpe:2.3:a:kaspersky_lab:kaspersky_internet_security:6.0.1.411:*:*:*:*:*:*:*", "cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0:*:file_servers:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:45:50", "description": "Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to \"download\" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.", "edition": 3, "cvss3": {}, "published": "2007-04-06T00:19:00", "title": "CVE-2007-1112", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1112"], "modified": "2018-10-16T16:36:00", "cpe": ["cpe:/a:kaspersky_lab:kaspersky_anti-virus:6.0", "cpe:/a:kaspersky_lab:kaspersky_internet_security:6.0"], "id": "CVE-2007-1112", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1112", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:kaspersky_lab:kaspersky_internet_security:6.0:maintenance_pack_2:*:*:*:*:*:*", "cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0:*:windows_workstation:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:26:03", "description": "Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives.", "edition": 5, "cvss3": {}, "published": "2007-04-06T00:19:00", "title": "CVE-2007-0445", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0445"], "modified": "2018-10-16T16:32:00", "cpe": ["cpe:/a:kaspersky_lab:kaspersky_anti-virus:6.0", "cpe:/a:kaspersky_lab:kaspersky_internet_security:6.0"], "id": "CVE-2007-0445", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0445", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:kaspersky_lab:kaspersky_internet_security:6.0:maintenance_pack_2:*:*:*:*:*:*", "cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0:*:windows_workstation:*:*:*:*:*", "cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0:*:workstations:*:*:*:*:*", "cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0:*:file_servers:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-1880"], "description": "## Vulnerability Description\nA local overflow exists in Kaspersky Anti-Virus. The_NtSetValueKey() function in the klif.sys file fails to properly parse the data size argument resulting in a kernel heap overflow. With a specially crafted request, an attacker can cause corruption of kernel memory and may let an attacker overwrite a nearly arbitrary amount of kernel heap memory with arbitrary data resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 6.0.2.614 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA local overflow exists in Kaspersky Anti-Virus. The_NtSetValueKey() function in the klif.sys file fails to properly parse the data size argument resulting in a kernel heap overflow. With a specially crafted request, an attacker can cause corruption of kernel memory and may let an attacker overwrite a nearly arbitrary amount of kernel heap memory with arbitrary data resulting in a loss of integrity.\n## References:\nVendor URL: http://www.kaspersky.com/\n[Vendor Specific Advisory URL](http://www.kaspersky.com/technews?id=203038694)\n[Vendor Specific Advisory URL](http://www.kaspersky.com/technews?id=203038693)\nSecurity Tracker: 1017873\nSecurity Tracker: 1017872\n[Secunia Advisory ID:24778](https://secuniaresearch.flexerasoftware.com/advisories/24778/)\n[Related OSVDB ID: 33852](https://vulners.com/osvdb/OSVDB:33852)\n[Related OSVDB ID: 33850](https://vulners.com/osvdb/OSVDB:33850)\n[Related OSVDB ID: 33848](https://vulners.com/osvdb/OSVDB:33848)\n[Related OSVDB ID: 33849](https://vulners.com/osvdb/OSVDB:33849)\nOther Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=505\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0106.html\nISS X-Force ID: 33460\nFrSIRT Advisory: ADV-2007-1268\n[CVE-2007-1880](https://vulners.com/cve/CVE-2007-1880)\nBugtraq ID: 23326\n", "edition": 1, "modified": "2007-04-04T20:36:36", "published": "2007-04-04T20:36:36", "href": "https://vulners.com/osvdb/OSVDB:33851", "id": "OSVDB:33851", "title": "Kaspersky Multiple Product klif.sys Local Overflow", "type": "osvdb", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-1879"], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://www.kaspersky.com/technews?id=203038694\nSecurity Tracker: 1017871\n[Secunia Advisory ID:24778](https://secuniaresearch.flexerasoftware.com/advisories/24778/)\nOther Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0105.html\nISS X-Force ID: 33464\nFrSIRT Advisory: ADV-2007-1268\n[CVE-2007-1879](https://vulners.com/cve/CVE-2007-1879)\nBugtraq ID: 23325\n", "edition": 1, "modified": "2007-04-04T09:33:19", "published": "2007-04-04T09:33:19", "href": "https://vulners.com/osvdb/OSVDB:34328", "id": "OSVDB:34328", "title": "Kaspersky Multiple Product KL.SysInfo ActiveX Control (AxKLSysInfo.dll) StartUploading Function Arbitrary File Access", "type": "osvdb", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-1881"], "description": "## Vulnerability Description\nKaspersky AntiVirus contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when local code is executed through klif.sys, allowing the code to receive Ring-0 privileges. This flaw may lead to a loss of Integrity.\n## Solution Description\nUpgrade to version 6.0.2.614 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nKaspersky AntiVirus contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when local code is executed through klif.sys, allowing the code to receive Ring-0 privileges. This flaw may lead to a loss of Integrity.\n## References:\nVendor URL: http://www.kaspersky.com/\n[Vendor Specific Advisory URL](http://www.kaspersky.com/technews?id=203038693)\n[Vendor Specific Advisory URL](http://www.kaspersky.com/technews?id=203038694)\n[Secunia Advisory ID:24778](https://secuniaresearch.flexerasoftware.com/advisories/24778/)\n[Related OSVDB ID: 33850](https://vulners.com/osvdb/OSVDB:33850)\n[Related OSVDB ID: 33848](https://vulners.com/osvdb/OSVDB:33848)\n[Related OSVDB ID: 33849](https://vulners.com/osvdb/OSVDB:33849)\n[Related OSVDB ID: 33851](https://vulners.com/osvdb/OSVDB:33851)\nFrSIRT Advisory: ADV-2007-1268\n[CVE-2007-1881](https://vulners.com/cve/CVE-2007-1881)\n", "edition": 1, "modified": "2007-04-04T20:36:36", "published": "2007-04-04T20:36:36", "href": "https://vulners.com/osvdb/OSVDB:33852", "id": "OSVDB:33852", "title": "Kaspersky Multiple Product KLIF Local Privilege Escalation", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:LOCAL/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-1112"], "description": "## Solution Description\nUpgrade to version 6.0.2.614 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.kaspersky.com/\nSecurity Tracker: 1017885\nSecurity Tracker: 1017884\n[Secunia Advisory ID:24778](https://secuniaresearch.flexerasoftware.com/advisories/24778/)\n[Related OSVDB ID: 33852](https://vulners.com/osvdb/OSVDB:33852)\n[Related OSVDB ID: 33848](https://vulners.com/osvdb/OSVDB:33848)\n[Related OSVDB ID: 33849](https://vulners.com/osvdb/OSVDB:33849)\n[Related OSVDB ID: 33851](https://vulners.com/osvdb/OSVDB:33851)\nOther Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504\nOther Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-07-014.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0117.html\nISS X-Force ID: 33464\nFrSIRT Advisory: ADV-2007-1268\n[CVE-2007-1112](https://vulners.com/cve/CVE-2007-1112)\nBugtraq ID: 23345\n", "edition": 1, "modified": "2007-04-05T20:36:36", "published": "2007-04-05T20:36:36", "href": "https://vulners.com/osvdb/OSVDB:33850", "id": "OSVDB:33850", "title": "Kaspersky Multiple Product AXKLSYSINFOLib.SysInfo ActiveX Arbitrary File Manipulation", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-1112"], "description": "## Solution Description\nUpgrade to version 6.0.2.614 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.kaspersky.com/\nSecurity Tracker: 1017885\nSecurity Tracker: 1017884\n[Secunia Advisory ID:24778](https://secuniaresearch.flexerasoftware.com/advisories/24778/)\n[Related OSVDB ID: 33852](https://vulners.com/osvdb/OSVDB:33852)\n[Related OSVDB ID: 33850](https://vulners.com/osvdb/OSVDB:33850)\n[Related OSVDB ID: 33848](https://vulners.com/osvdb/OSVDB:33848)\n[Related OSVDB ID: 33851](https://vulners.com/osvdb/OSVDB:33851)\nOther Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-07-014.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0117.html\nISS X-Force ID: 33464\nFrSIRT Advisory: ADV-2007-1268\n[CVE-2007-1112](https://vulners.com/cve/CVE-2007-1112)\nBugtraq ID: 23345\n", "edition": 1, "modified": "2007-04-05T20:36:36", "published": "2007-04-05T20:36:36", "href": "https://vulners.com/osvdb/OSVDB:33849", "id": "OSVDB:33849", "title": "Kaspersky Multiple Product AXKLPROD60Lib.KAV60Info ActiveX Arbitrary File Manipulation", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "cvelist": ["CVE-2007-0445"], "description": "## Solution Description\nUpgrade to version 6.0.2.614 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.kaspersky.com/\n[Vendor Specific Advisory URL](http://www.kaspersky.com/technews?id=203038693)\n[Vendor Specific Advisory URL](http://www.kaspersky.com/technews?id=203038694)\nSecurity Tracker: 1017882\nSecurity Tracker: 1017883\n[Secunia Advisory ID:24778](https://secuniaresearch.flexerasoftware.com/advisories/24778/)\n[Related OSVDB ID: 33852](https://vulners.com/osvdb/OSVDB:33852)\n[Related OSVDB ID: 33850](https://vulners.com/osvdb/OSVDB:33850)\n[Related OSVDB ID: 33849](https://vulners.com/osvdb/OSVDB:33849)\n[Related OSVDB ID: 33851](https://vulners.com/osvdb/OSVDB:33851)\nOther Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-07-013.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0120.html\nISS X-Force ID: 33489\nFrSIRT Advisory: ADV-2007-1268\n[CVE-2007-0445](https://vulners.com/cve/CVE-2007-0445)\nBugtraq ID: 23346\n", "edition": 1, "modified": "2007-04-05T20:36:36", "published": "2007-04-05T20:36:36", "href": "https://vulners.com/osvdb/OSVDB:33848", "id": "OSVDB:33848", "title": "Kaspersky Multiple Product OnDemand Scanner ARJ Handling Memory Overrun", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdi": [{"lastseen": "2020-06-22T11:40:45", "bulletinFamily": "info", "cvelist": ["CVE-2007-1112"], "edition": 3, "description": "This vulnerability allows remote attackers to download and remove any file on vulnerable installations of Kaspersky Anti-Virus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaws exist within the ActiveX controls AXKLPROD60Lib.KAV60Info and AXKLSYSINFOLib.SysInfo defined in the following DLLs/CLSIDs: DLL: AxKLProd60.dll CLSID: D9EC22E7-1A86-4F7C-8940-0303AE5D6756 DLL: AxKLSysInfo.dll CLSID: BA61606B-258C-4021-AD27-E07A3F3B91DB Several methods exposed by these ActiveX controls can be abused by attackers: Function DeleteFile ( ByVal strFileName As String ) Function StartBatchUploading ( ByVal arrFiles As Variant , ByVal strFTPAddress As String , ByVal strFTPUploadPath As String ) As Long Function StartStrBatchUploading ( ByVal strFiles As String , ByVal strFTPAddress As String , ByVal strFTPUploadPath As String ) As Long Function StartUploading ( ByVal strFilePath As String , ByVal strFTPAddress As String , ByVal strFTPUploadPath As String ) As Long", "modified": "2007-06-22T00:00:00", "published": "2007-04-05T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-07-014/", "id": "ZDI-07-014", "title": "Kaspersky Antivirus ActiveX Unsafe Methods Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:42:11", "bulletinFamily": "info", "cvelist": ["CVE-2007-0445"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of the Kaspersky Anti-Virus Engine. User interaction is not required to exploit this vulnerability. The specific flaw exists in the engine's handling of the ARJ archive format. The Kaspersky engine copies data from scanned archives into an unchecked heap-based buffer. This results in heap corruption when a malformed ARJ archive is processed by an application that utilizes the engine. This corruption can be exploited to execute arbitrary code.", "modified": "2007-06-22T00:00:00", "published": "2007-04-05T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-07-013/", "id": "ZDI-07-013", "title": "Kaspersky AntiVirus Engine ARJ Archive Parsing Heap Overflow Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T22:06:19", "description": "CVE(CAN) ID: CVE-2007-0445\r\n\r\nKaspersky Antivirus\u662f\u975e\u5e38\u6d41\u884c\u7684\u6740\u6bd2\u8f6f\u4ef6\u3002\r\n\r\nKaspersky Antivirus\u7684\u6740\u6bd2\u5f15\u64ce\u5728\u5904\u7406ARJ\u6587\u6863\u683c\u5f0f\u65f6\u5b58\u5728\u5806\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5982\u679c\u4f7f\u7528\u8be5\u5f15\u64ce\u7684\u6740\u6bd2\u8f6f\u4ef6\u626b\u63cf\u4e86\u6076\u610f\u6587\u6863\u7684\u8bdd\u5c31\u4f1a\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u53ef\u80fd\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\n<*\u6765\u6e90\uff1aZDI \uff08http://www.zerodayinitiative.com/\uff09\r\n \r\n \u94fe\u63a5\uff1ahttp://www.zerodayinitiative.com/advisories/ZDI-07-013.html\r\n http://www.kaspersky.com/technews?id=203038693\r\n http://www.kaspersky.com/technews?id=203038694\r\n http://secunia.com/advisories/24778/\r\n*>\r\n\r\n\n\nKaspersky Labs Kaspersky Antivirus 6.0\r\nKaspersky Labs Kaspersky Internet Security 6.0\r\nKaspersky Labs Kaspersky Antivirus 6.0.2.614\r\nKaspersky Labs Kaspersky Internet Security 6.0.2.614\r\n\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\n\r\nKaspersky Labs\r\n--------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"http://www.kaspersky.com/productupdates?chapter=186437046\" target=\"_blank\">http://www.kaspersky.com/productupdates?chapter=186437046</a>\r\n<a href=\"http://www.kaspersky.com/productupdates?chapter=186435857\" target=\"_blank\">http://www.kaspersky.com/productupdates?chapter=186435857</a>", "published": "2007-04-07T00:00:00", "type": "seebug", "title": "Kaspersky AntiVirus\u6740\u6bd2\u5f15\u64ceARJ\u6587\u6863\u89e3\u6790\u5806\u6ea2\u51fa\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-0445"], "modified": "2007-04-07T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-1603", "id": "SSV:1603", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}

Kaspersky Anti-Virus &lt; 6.0.2.614 Multiple Vulnerabilities

Description

The version of the Kaspersky antivirus product installed on the remote host may be affected by buffer overflow, privilege escalation, and information disclosure vulnerabilities, depending on the actual product installed.

Kaspersky Anti-Virus < 6.0.2.614 Multiple Vulnerabilities