16 matches found
EUVD-2001-0774
Malware in sbrugna...
kav-te.com Cross Site Scripting vulnerability OBB-3064047
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
kav-kaz.ru Cross Site Scripting vulnerability OBB-2944495
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2003-1443
Kaspersky Antivirus (KAV) 4.0.9.0 is affected: it fails to detect viruses in files whose names use MS-DOS device names, allowing local bypass of protection. The issue is demonstrated with aux.vbs and aux.com. The available references confirm the vulnerability exists but do not provide a publicly ...
CVE-2007-5086
CVE-2007-5086 concerns Kaspersky Anti-Virus/Internet Security 7.0.0.125 where SSDT and Shadow SSDT parameter validation is insufficient, enabling local users to trigger a crash (DoS) via kernel hooks in kylif.sys (NtUserSendInput, LoadLibraryA, NtOpenProcess, NtOpenThread, NtTerminateProcess, NtU...
kav60-escalate.txt
// kav 6.0 0day local priv escalation exploit // by m4d // http://unl0ck.net include include include // r0-shellcode creates C:\Hello.txt with "Hello from ring-0! :" unsigned char Shellcode405 = 0x55, 0x8B, 0xEC, 0x83, 0xC4, 0xBC, 0x60, 0x83, 0x4D, 0xE8, 0xFF, 0x0F, 0x01, 0x4D, 0xFA, 0x8B, 0x4D,...
Improper Validation of User-mode Pointers
Many of the hooks that KAV installs and even the custom system services suffer from flaws that are detrimental to the operation of the system. For instance, KAV's modified NtOpenProcess attempts to determine if a user address is valid by comparing it to t...
Allowing User-mode Code to Access Kernel Memory
One of the most important principles of the kernel/user division that modern operating systems enforce is that user mode is not allowed to directly access kernel mode memory. This is necessary to enforce system stability, such as to prevent a buggy...
Patching system services at runtime
Although KAV appears to use a filesystem filter, the standard Windows mechanism for intercepting accesses to files specifically designed for applications like anti-virus software, the implementors also used a series of API-level function hooks to intercept...
Improper Validation of Kernel Object Types
Windows exposes many kernel features through a series of "kernel objects". These objects may be acted upon by user mode through the use of handles. Handles are integral values that are translated by the kernel into pointers to a particular object upon...
Kaspersky AntiVirus - 'klif.sys' Local Privilege Escalation
/ Added NOSTRICT to 1 on line 2 /str0ke ! milw0rm.com / define NOSTRICT 1 include undef STRICT PUCHAR pCodeBase=PUCHAR0xBE9372C0; PDWORD pJmpAddress=PDWORD0xBE9372B0; PUCHAR pKAVRets=PUCHAR0xBE935087,PUCHAR0xBE935046; PUCHAR pKAVRet; unsigned char code=0x68,0x00,0x02,0x00,0x00, //push 0x200...
One more way to bypass NAV
Dear [email protected], I've updated "Bypassing content filtering software" whitepaper http://www.security.nnov.ru/advisories/content.asp to include a new way to bypass content filtering software. It is confirmed to work with NAV and not to work with McAfee and KAV AVP. Symantec was contacted...
CVE-2001-0789
Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 for Sendmail allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed mail message...
CVE-2001-0789
Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 for Sendmail allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed mail message...
CVE-2001-0789
The CVE-2001-0789 entry describes a format string vulnerability in avpkeeper of Kaspersky KAV 3.5.135.2 for Sendmail. The issue allows remote attackers to cause a denial of service or possibly execute arbitrary code through a malformed mail message. Affected product is KAV with Sendmail integrati...
Format string bug in KAV (AVP) for sendmail (format string)
Bug in avpkeeper when working with syslog...