Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2010 LSSOPENVAS:1361412562310102051
HistoryJul 08, 2010 - 12:00 a.m.

Kaspersky Antivirus UPX Denial of Service vulnerability

2010-07-0800:00:00
Copyright (C) 2010 LSS
plugins.openvas.org
7

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.6 Medium

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.4%

JSON

Kaspersky AntiVirus Engine 6.0.1.411 for Windows allows remote
attackers to cause a denial of service (CPU consumption) via a
crafted UPX compressed file with a negative offset, which triggers
an infinite loop during decompression.

# SPDX-FileCopyrightText: 2010 LSS
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.102051");
  script_version("2023-08-01T13:29:10+0000");
  script_tag(name:"last_modification", value:"2023-08-01 13:29:10 +0000 (Tue, 01 Aug 2023)");
  script_tag(name:"creation_date", value:"2010-07-08 10:59:30 +0200 (Thu, 08 Jul 2010)");
  script_cve_id("CVE-2007-1281");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/22795");
  script_name("Kaspersky Antivirus UPX Denial of Service vulnerability");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2010 LSS");
  script_family("Denial of Service");
  script_dependencies("gb_kaspersky_av_detect.nasl");
  script_mandatory_keys("Kaspersky/AV/Ver");

  script_tag(name:"solution", value:"Update to a newer version (automatic update will do).");

  script_tag(name:"summary", value:"Kaspersky AntiVirus Engine 6.0.1.411 for Windows allows remote
  attackers to cause a denial of service (CPU consumption) via a
  crafted UPX compressed file with a negative offset, which triggers
  an infinite loop during decompression.");

  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include ("version_func.inc");

version = get_kb_item("Kaspersky/AV/Ver");
if (!version) exit (0);

if (version_is_less_equal (version: version, test_version:"6.0.1.411")) {
  report = report_fixed_ver(installed_version:version, vulnerable_range:"Less or equal to 6.0.1.411");
  security_message(port: 0, data: report);
  exit(0);
}

exit(99);

Related

nessus 1
securityvulns 1
prion 1
nvd 1
openvas 1
cvelist 1
cve 1
nessus
nessus
Kaspersky Anti-Virus UPX File Decompression DoS
2007-03-05 00:00:00
securityvulns
securityvulns
Kaspersky Antivirus DoS
2007-03-02 00:00:00
prion
prion
Design/Logic Flaw
2007-03-06 01:19:00
nvd
nvd
CVE-2007-1281
2007-03-06 01:19:00
openvas
openvas
Kaspersky Antivirus UPX Denial of Service vulnerability
2010-07-08 00:00:00
cvelist
cvelist
CVE-2007-1281
2007-03-06 01:00:00
cve
cve
CVE-2007-1281
2007-03-06 01:19:00

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.6 Medium

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.4%

JSON
Related for OPENVAS:1361412562310102051
nessus1securityvulns1prion1nvd1openvas1cvelist1cve1