Kaspersky Endpoint Security 'avp.exe' Authentication Bypass Vulnerability

Kaspersky Endpoint Security is a suite of security software that provides digital threat protection protection for business users. Kaspersky Endpoint Security suffers from an authentication bypass vulnerability that could be exploited by an attacker to bypass authentication mechanisms and perform...

Kaspersky Total Security 15.0.1.415 Authentication Bypass Vulnerability

By analyzing the password-based authentication for unloading the Kaspersky Total Security protection, the SySS GmbH found out, that the password comparison is done within the process avp.exe actually within the used module shellservice.dll, which runs or can be run in the context of the current...

Kaspersky Endpoint Security For Windows 8.1.0.1042 / 10.2.1.23 Authentication Bypass

By analyzing the password-based authentication for unloading the Kaspersky Endpoint Security for Windows protection, the SySS GmbH found out, that the password comparison is done within the process avp.exe, which runs or can be run in the context of the current Windows user, who can also be a...

Kaspersky 2010 Memory Corruption

Description ============ The vulnerability affects Kaspersky Internet Security 2010 9.0.0.459 antivirus and its brother, the Kaspersky Antivirus 2010 9.0.0.463 version. The exploit was discovered on August 18th 2009. The problem with these two antivirus versions appears when parsing a URL address...

Cross site request forgery (csrf)

avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service CPU consumption and network connectivity loss via an HTTP URL request that contains a large number of dot "." characters...

Kaspersky AV/IS 2010 Denial Of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kaspersky AV/IS 2010 avp.exe Denial-of-Service Author: Maksymilian Arciemowicz http://SecurityReason.com Date: - - Dis.: 10.07.2009 - - Pub.: 19.08.2009 Risk: Medium Affected Software tested: - - Kaspersky Internet Security 2010 9.0.0.459 a EN - -...

Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kaspersky AV/IS 2010 avp.exe Denial-of-Service Author: Maksymilian Arciemowicz http://SecurityReason.com Date: - - Dis.: 10.07.2009 - - Pub.: 19.08.2009 Risk: Medium Affected Software tested: - - Kaspersky Internet Security 2010 9.0.0.459 a EN - -...

Code injection

Kaspersky Internet Security 7.0.0.125 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to 1 cause a denial of service crash and possibly gain privileges via the NtCreateSection kernel SSDT hook or 2 cause a denial of...