Search

Find a vulnerability

Search criteria

    56 vulnerabilities found for kaspersky_anti-virus by kaspersky_lab

    CVE-2009-4452 (GCVE-0-2009-4452)

    Vulnerability from nvd – Published: 2009-12-29 20:15 – Updated: 2024-08-07 07:01
    VLAI
    Summary
    Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2009/3573 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1023366 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/37730 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/508508/100… mailing-listx_refsource_BUGTRAQ
    http://www.exploit-db.com/exploits/10484 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/37398 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1023367 vdb-entryx_refsource_SECTRACK
    Date Public
    2009-12-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:01:20.350Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2009-3573",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3573"
              },
              {
                "name": "1023366",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1023366"
              },
              {
                "name": "37730",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37730"
              },
              {
                "name": "20091216 Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/508508/100/0/threaded"
              },
              {
                "name": "10484",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/10484"
              },
              {
                "name": "37398",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37398"
              },
              {
                "name": "1023367",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1023367"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-12-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2009-3573",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3573"
            },
            {
              "name": "1023366",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1023366"
            },
            {
              "name": "37730",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37730"
            },
            {
              "name": "20091216 Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/508508/100/0/threaded"
            },
            {
              "name": "10484",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/10484"
            },
            {
              "name": "37398",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37398"
            },
            {
              "name": "1023367",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1023367"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-4452",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2009-3573",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3573"
                },
                {
                  "name": "1023366",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1023366"
                },
                {
                  "name": "37730",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37730"
                },
                {
                  "name": "20091216 Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/508508/100/0/threaded"
                },
                {
                  "name": "10484",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/10484"
                },
                {
                  "name": "37398",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37398"
                },
                {
                  "name": "1023367",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1023367"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-4452",
        "datePublished": "2009-12-29T20:15:00.000Z",
        "dateReserved": "2009-12-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:01:20.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0449 (GCVE-0-2009-0449)

    Vulnerability from nvd – Published: 2009-02-05 20:00 – Updated: 2024-08-07 04:31
    VLAI
    Summary
    Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2009-02-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:31:26.233Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=60\u0026Itemid=1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://kartoffel.reversemode.com/downloads/kaspersky_klim5_plugin.zip"
              },
              {
                "name": "1021661",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021661"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.wintercore.com/advisories/advisory_W020209.html"
              },
              {
                "name": "20090202 [Wintercore Research WS02-0209] Kaspersky Products Klim5.sys local privilege escalation",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/500606/100/0/threaded"
              },
              {
                "name": "33561",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33561"
              },
              {
                "name": "33788",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33788"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-02-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=60\u0026Itemid=1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://kartoffel.reversemode.com/downloads/kaspersky_klim5_plugin.zip"
            },
            {
              "name": "1021661",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021661"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.wintercore.com/advisories/advisory_W020209.html"
            },
            {
              "name": "20090202 [Wintercore Research WS02-0209] Kaspersky Products Klim5.sys local privilege escalation",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/500606/100/0/threaded"
            },
            {
              "name": "33561",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33561"
            },
            {
              "name": "33788",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33788"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-0449",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=60\u0026Itemid=1",
                  "refsource": "MISC",
                  "url": "http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=60\u0026Itemid=1"
                },
                {
                  "name": "http://kartoffel.reversemode.com/downloads/kaspersky_klim5_plugin.zip",
                  "refsource": "MISC",
                  "url": "http://kartoffel.reversemode.com/downloads/kaspersky_klim5_plugin.zip"
                },
                {
                  "name": "1021661",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021661"
                },
                {
                  "name": "http://www.wintercore.com/advisories/advisory_W020209.html",
                  "refsource": "MISC",
                  "url": "http://www.wintercore.com/advisories/advisory_W020209.html"
                },
                {
                  "name": "20090202 [Wintercore Research WS02-0209] Kaspersky Products Klim5.sys local privilege escalation",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/500606/100/0/threaded"
                },
                {
                  "name": "33561",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33561"
                },
                {
                  "name": "33788",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33788"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-0449",
        "datePublished": "2009-02-05T20:00:00.000Z",
        "dateReserved": "2009-02-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:31:26.233Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1518 (GCVE-0-2008-1518)

    Vulnerability from nvd – Published: 2008-06-05 20:21 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1020195 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2008/1739 vdb-entryx_refsource_VUPEN
    http://www.kaspersky.com/technews?id=203038727 x_refsource_CONFIRM
    http://secunia.com/advisories/30534 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://securitytracker.com/id?1020196 vdb-entryx_refsource_SECTRACK
    Date Public
    2008-06-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:42.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1020195",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020195"
              },
              {
                "name": "ADV-2008-1739",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1739"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038727"
              },
              {
                "name": "30534",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30534"
              },
              {
                "name": "kaspersky-internetsecurity-kl1-bo(42849)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42849"
              },
              {
                "name": "20080604 Kaspersky Internet Security IOCTL Stack Based Buffer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=704"
              },
              {
                "name": "1020196",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020196"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1020195",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020195"
            },
            {
              "name": "ADV-2008-1739",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1739"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038727"
            },
            {
              "name": "30534",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30534"
            },
            {
              "name": "kaspersky-internetsecurity-kl1-bo(42849)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42849"
            },
            {
              "name": "20080604 Kaspersky Internet Security IOCTL Stack Based Buffer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=704"
            },
            {
              "name": "1020196",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020196"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1518",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1020195",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020195"
                },
                {
                  "name": "ADV-2008-1739",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1739"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038727",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038727"
                },
                {
                  "name": "30534",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30534"
                },
                {
                  "name": "kaspersky-internetsecurity-kl1-bo(42849)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42849"
                },
                {
                  "name": "20080604 Kaspersky Internet Security IOCTL Stack Based Buffer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=704"
                },
                {
                  "name": "1020196",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020196"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1518",
        "datePublished": "2008-06-05T20:21:00.000Z",
        "dateReserved": "2008-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:42.244Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5086 (GCVE-0-2007-5086)

    Vulnerability from nvd – Published: 2007-09-26 10:00 – Updated: 2024-08-07 15:17
    VLAI
    Summary
    Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks. NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1. NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that "it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2007/3259 vdb-entryx_refsource_VUPEN
    http://osvdb.org/37990 vdb-entryx_refsource_OSVDB
    http://www.rootkit.com/newsread.php?newsid=778 x_refsource_MISC
    http://www.kaspersky.com/technews?id=203038706 x_refsource_CONFIRM
    http://secunia.com/advisories/26887 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:17:28.206Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2007-3259",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3259"
              },
              {
                "name": "37990",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/37990"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rootkit.com/newsread.php?newsid=778"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038706"
              },
              {
                "name": "26887",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26887"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks.  NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1.  NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that \"it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-15T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2007-3259",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3259"
            },
            {
              "name": "37990",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/37990"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rootkit.com/newsread.php?newsid=778"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038706"
            },
            {
              "name": "26887",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26887"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5086",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks.  NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1.  NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that \"it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2007-3259",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3259"
                },
                {
                  "name": "37990",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/37990"
                },
                {
                  "name": "http://www.rootkit.com/newsread.php?newsid=778",
                  "refsource": "MISC",
                  "url": "http://www.rootkit.com/newsread.php?newsid=778"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038706",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038706"
                },
                {
                  "name": "26887",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26887"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5086",
        "datePublished": "2007-09-26T10:00:00.000Z",
        "dateReserved": "2007-09-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:17:28.206Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1881 (GCVE-0-2007-1881)

    Vulnerability from nvd – Published: 2007-04-06 00:00 – Updated: 2024-08-07 13:13
    VLAI
    Summary
    Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/24778 third-party-advisoryx_refsource_SECUNIA
    http://www.kaspersky.com/technews?id=203038694 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/1268 vdb-entryx_refsource_VUPEN
    http://www.osvdb.org/33852 vdb-entryx_refsource_OSVDB
    http://www.kaspersky.com/technews?id=203038693 x_refsource_CONFIRM
    Date Public
    2007-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:13:41.744Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24778",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24778"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038694"
              },
              {
                "name": "ADV-2007-1268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1268"
              },
              {
                "name": "33852",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/33852"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038693"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-04-28T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24778",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24778"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038694"
            },
            {
              "name": "ADV-2007-1268",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1268"
            },
            {
              "name": "33852",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/33852"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038693"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1881",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24778",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24778"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038694",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038694"
                },
                {
                  "name": "ADV-2007-1268",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1268"
                },
                {
                  "name": "33852",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/33852"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038693",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038693"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1881",
        "datePublished": "2007-04-06T00:00:00.000Z",
        "dateReserved": "2007-04-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:13:41.744Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0445 (GCVE-0-2007-0445)

    Vulnerability from nvd – Published: 2007-04-06 00:00 – Updated: 2024-08-07 12:19
    VLAI
    Summary
    Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:19:30.325Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-013.html"
              },
              {
                "name": "24778",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24778"
              },
              {
                "name": "1017882",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017882"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038694"
              },
              {
                "name": "ADV-2007-1268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1268"
              },
              {
                "name": "20070405 ZDI-07-013: Kaspersky AntiVirus Engine ARJ Archive Parsing Heap Overflow Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464878/100/0/threaded"
              },
              {
                "name": "kaspersky-arj-bo(33489)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33489"
              },
              {
                "name": "23346",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23346"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038693"
              },
              {
                "name": "1017883",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017883"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-013.html"
            },
            {
              "name": "24778",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24778"
            },
            {
              "name": "1017882",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017882"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038694"
            },
            {
              "name": "ADV-2007-1268",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1268"
            },
            {
              "name": "20070405 ZDI-07-013: Kaspersky AntiVirus Engine ARJ Archive Parsing Heap Overflow Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464878/100/0/threaded"
            },
            {
              "name": "kaspersky-arj-bo(33489)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33489"
            },
            {
              "name": "23346",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23346"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038693"
            },
            {
              "name": "1017883",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017883"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0445",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-013.html",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-013.html"
                },
                {
                  "name": "24778",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24778"
                },
                {
                  "name": "1017882",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017882"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038694",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038694"
                },
                {
                  "name": "ADV-2007-1268",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1268"
                },
                {
                  "name": "20070405 ZDI-07-013: Kaspersky AntiVirus Engine ARJ Archive Parsing Heap Overflow Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464878/100/0/threaded"
                },
                {
                  "name": "kaspersky-arj-bo(33489)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33489"
                },
                {
                  "name": "23346",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23346"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038693",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038693"
                },
                {
                  "name": "1017883",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017883"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0445",
        "datePublished": "2007-04-06T00:00:00.000Z",
        "dateReserved": "2007-01-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:19:30.325Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1112 (GCVE-0-2007-1112)

    Vulnerability from nvd – Published: 2007-04-06 00:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-04-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.661Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1017884",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017884"
              },
              {
                "name": "1017885",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017885"
              },
              {
                "name": "24778",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24778"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038694"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-014.html"
              },
              {
                "name": "ADV-2007-1268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1268"
              },
              {
                "name": "23345",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23345"
              },
              {
                "name": "kaspersky-startuploading-info-disclosure(33464)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33464"
              },
              {
                "name": "20070405 ZDI-07-014: Kaspersky Anti-Virus ActiveX Control Unsafe Method Exposure Vulnerablity",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464882/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to \"download\" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1017884",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017884"
            },
            {
              "name": "1017885",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017885"
            },
            {
              "name": "24778",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24778"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038694"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-014.html"
            },
            {
              "name": "ADV-2007-1268",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1268"
            },
            {
              "name": "23345",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23345"
            },
            {
              "name": "kaspersky-startuploading-info-disclosure(33464)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33464"
            },
            {
              "name": "20070405 ZDI-07-014: Kaspersky Anti-Virus ActiveX Control Unsafe Method Exposure Vulnerablity",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464882/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1112",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to \"download\" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1017884",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017884"
                },
                {
                  "name": "1017885",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017885"
                },
                {
                  "name": "24778",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24778"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038694",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038694"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-014.html",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-014.html"
                },
                {
                  "name": "ADV-2007-1268",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1268"
                },
                {
                  "name": "23345",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23345"
                },
                {
                  "name": "kaspersky-startuploading-info-disclosure(33464)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33464"
                },
                {
                  "name": "20070405 ZDI-07-014: Kaspersky Anti-Virus ActiveX Control Unsafe Method Exposure Vulnerablity",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464882/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1112",
        "datePublished": "2007-04-06T00:00:00.000Z",
        "dateReserved": "2007-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1880 (GCVE-0-2007-1880)

    Vulnerability from nvd – Published: 2007-04-06 00:00 – Updated: 2024-08-07 13:13
    VLAI
    Summary
    Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned "data size argument," which results in a heap overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.osvdb.org/33851 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/23326 vdb-entryx_refsource_BID
    http://secunia.com/advisories/24778 third-party-advisoryx_refsource_SECUNIA
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://www.kaspersky.com/technews?id=203038694 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/1268 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1017873 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securitytracker.com/id?1017872 vdb-entryx_refsource_SECTRACK
    http://www.kaspersky.com/technews?id=203038693 x_refsource_CONFIRM
    Date Public
    2007-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:13:41.791Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "33851",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/33851"
              },
              {
                "name": "23326",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23326"
              },
              {
                "name": "24778",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24778"
              },
              {
                "name": "20070404 Kaspersky Internet Security Suite klif.sys Heap Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=505"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038694"
              },
              {
                "name": "ADV-2007-1268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1268"
              },
              {
                "name": "1017873",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017873"
              },
              {
                "name": "kaspersky-klif-bo(33460)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33460"
              },
              {
                "name": "1017872",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017872"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038693"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned \"data size argument,\" which results in a heap overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "33851",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/33851"
            },
            {
              "name": "23326",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23326"
            },
            {
              "name": "24778",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24778"
            },
            {
              "name": "20070404 Kaspersky Internet Security Suite klif.sys Heap Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=505"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038694"
            },
            {
              "name": "ADV-2007-1268",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1268"
            },
            {
              "name": "1017873",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017873"
            },
            {
              "name": "kaspersky-klif-bo(33460)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33460"
            },
            {
              "name": "1017872",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017872"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038693"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1880",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned \"data size argument,\" which results in a heap overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "33851",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/33851"
                },
                {
                  "name": "23326",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23326"
                },
                {
                  "name": "24778",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24778"
                },
                {
                  "name": "20070404 Kaspersky Internet Security Suite klif.sys Heap Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=505"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038694",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038694"
                },
                {
                  "name": "ADV-2007-1268",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1268"
                },
                {
                  "name": "1017873",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017873"
                },
                {
                  "name": "kaspersky-klif-bo(33460)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33460"
                },
                {
                  "name": "1017872",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017872"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038693",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038693"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1880",
        "datePublished": "2007-04-06T00:00:00.000Z",
        "dateReserved": "2007-04-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:13:41.791Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1879 (GCVE-0-2007-1879)

    Vulnerability from nvd – Published: 2007-04-06 00:00 – Updated: 2024-08-07 13:13
    VLAI
    Summary
    The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://secunia.com/advisories/24778 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1017871 vdb-entryx_refsource_SECTRACK
    http://www.kaspersky.com/technews?id=203038694 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/1268 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/23325 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2007-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:13:41.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070404 Kaspersky AntiVirus SysInfo ActiveX Control Information Disclosure Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504"
              },
              {
                "name": "24778",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24778"
              },
              {
                "name": "1017871",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017871"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038694"
              },
              {
                "name": "ADV-2007-1268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1268"
              },
              {
                "name": "23325",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23325"
              },
              {
                "name": "kaspersky-startuploading-info-disclosure(33464)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33464"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command.  NOTE: this issue might be related to CVE-2007-1112."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070404 Kaspersky AntiVirus SysInfo ActiveX Control Information Disclosure Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504"
            },
            {
              "name": "24778",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24778"
            },
            {
              "name": "1017871",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017871"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038694"
            },
            {
              "name": "ADV-2007-1268",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1268"
            },
            {
              "name": "23325",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23325"
            },
            {
              "name": "kaspersky-startuploading-info-disclosure(33464)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33464"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1879",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command.  NOTE: this issue might be related to CVE-2007-1112."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070404 Kaspersky AntiVirus SysInfo ActiveX Control Information Disclosure Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504"
                },
                {
                  "name": "24778",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24778"
                },
                {
                  "name": "1017871",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017871"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038694",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038694"
                },
                {
                  "name": "ADV-2007-1268",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1268"
                },
                {
                  "name": "23325",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23325"
                },
                {
                  "name": "kaspersky-startuploading-info-disclosure(33464)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33464"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1879",
        "datePublished": "2007-04-06T00:00:00.000Z",
        "dateReserved": "2007-04-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:13:41.999Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6408 (GCVE-0-2006-6408)

    Vulnerability from nvd – Published: 2006-12-10 02:00 – Updated: 2024-08-07 20:26
    VLAI
    Summary
    Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-12-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:26:46.061Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "21461",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21461"
              },
              {
                "name": "20061206 Multiple Vendor Unusual MIME Encoding Content Filter Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/453654/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.quantenblog.net/security/virus-scanner-bypass"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "21461",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21461"
            },
            {
              "name": "20061206 Multiple Vendor Unusual MIME Encoding Content Filter Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/453654/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.quantenblog.net/security/virus-scanner-bypass"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6408",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "21461",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21461"
                },
                {
                  "name": "20061206 Multiple Vendor Unusual MIME Encoding Content Filter Bypass",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/453654/100/0/threaded"
                },
                {
                  "name": "http://www.quantenblog.net/security/virus-scanner-bypass",
                  "refsource": "MISC",
                  "url": "http://www.quantenblog.net/security/virus-scanner-bypass"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6408",
        "datePublished": "2006-12-10T02:00:00.000Z",
        "dateReserved": "2006-12-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:26:46.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4926 (GCVE-0-2006-4926)

    Vulnerability from nvd – Published: 2006-10-20 22:00 – Updated: 2024-08-07 19:32
    VLAI
    Summary
    The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp structure with invalid addresses in the 0x80052110 IOCTL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/449289/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/29891 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/449301/100… mailing-listx_refsource_BUGTRAQ
    http://www.kaspersky.com/technews?id=203038678 x_refsource_CONFIRM
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://secunia.com/advisories/22478 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/20635 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1017093 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2006/4117 vdb-entryx_refsource_VUPEN
    Date Public
    2006-10-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:32:22.423Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20061020 [Reversemode Advisory] Kaspersky Anti-Virus Privilege Escalation",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/449289/100/0/threaded"
              },
              {
                "name": "kaspersky-klinklick-privilege-escalation(29677)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29677"
              },
              {
                "name": "29891",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29891"
              },
              {
                "name": "20061020 Re: iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/449301/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038678"
              },
              {
                "name": "20061020 Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=425"
              },
              {
                "name": "22478",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22478"
              },
              {
                "name": "20635",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20635"
              },
              {
                "name": "1017093",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1017093"
              },
              {
                "name": "ADV-2006-4117",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4117"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp structure with invalid addresses in the 0x80052110 IOCTL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20061020 [Reversemode Advisory] Kaspersky Anti-Virus Privilege Escalation",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/449289/100/0/threaded"
            },
            {
              "name": "kaspersky-klinklick-privilege-escalation(29677)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29677"
            },
            {
              "name": "29891",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29891"
            },
            {
              "name": "20061020 Re: iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/449301/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038678"
            },
            {
              "name": "20061020 Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=425"
            },
            {
              "name": "22478",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22478"
            },
            {
              "name": "20635",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20635"
            },
            {
              "name": "1017093",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1017093"
            },
            {
              "name": "ADV-2006-4117",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4117"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4926",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp structure with invalid addresses in the 0x80052110 IOCTL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20061020 [Reversemode Advisory] Kaspersky Anti-Virus Privilege Escalation",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/449289/100/0/threaded"
                },
                {
                  "name": "kaspersky-klinklick-privilege-escalation(29677)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29677"
                },
                {
                  "name": "29891",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29891"
                },
                {
                  "name": "20061020 Re: iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/449301/100/0/threaded"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038678",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038678"
                },
                {
                  "name": "20061020 Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=425"
                },
                {
                  "name": "22478",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22478"
                },
                {
                  "name": "20635",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20635"
                },
                {
                  "name": "1017093",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1017093"
                },
                {
                  "name": "ADV-2006-4117",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/4117"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4926",
        "datePublished": "2006-10-20T22:00:00.000Z",
        "dateReserved": "2006-09-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:32:22.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1091 (GCVE-0-2006-1091)

    Vulnerability from nvd – Published: 2006-03-09 11:00 – Updated: 2024-08-07 16:56
    VLAI
    Summary
    Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via unknown attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/426699 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/16942 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/535 third-party-advisoryx_refsource_SREASON
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-03-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:56:15.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060303 Kaspersky Memory/CPU Usage Leak by design",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/426699"
              },
              {
                "name": "16942",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16942"
              },
              {
                "name": "535",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/535"
              },
              {
                "name": "kaspersky-unspecified-dos(25221)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25221"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via unknown attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060303 Kaspersky Memory/CPU Usage Leak by design",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/426699"
            },
            {
              "name": "16942",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16942"
            },
            {
              "name": "535",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/535"
            },
            {
              "name": "kaspersky-unspecified-dos(25221)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25221"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1091",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via unknown attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060303 Kaspersky Memory/CPU Usage Leak by design",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/426699"
                },
                {
                  "name": "16942",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16942"
                },
                {
                  "name": "535",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/535"
                },
                {
                  "name": "kaspersky-unspecified-dos(25221)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25221"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1091",
        "datePublished": "2006-03-09T11:00:00.000Z",
        "dateReserved": "2006-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:56:15.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3664 (GCVE-0-2005-3664)

    Vulnerability from nvd – Published: 2005-11-18 11:00 – Updated: 2024-08-07 23:17
    VLAI
    Summary
    Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50 allows remote attackers to execute arbitrary code via a crafted CHM file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/17130 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/19913 vdb-entryx_refsource_OSVDB
    http://www.idefense.com/application/poi/display?i… third-party-advisoryx_refsource_IDEFENSE
    http://www.osvdb.org/19912 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/15054 vdb-entryx_refsource_BID
    http://secunia.com/advisories/17144 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:17:23.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "17130",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17130"
              },
              {
                "name": "19913",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/19913"
              },
              {
                "name": "20051010 Kaspersky Anti-Virus Engine CHM File Parser Buffer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://www.idefense.com/application/poi/display?id=318\u0026type=vulnerabilities"
              },
              {
                "name": "19912",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/19912"
              },
              {
                "name": "kaspersky-fsecure-chm-bo(22564)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22564"
              },
              {
                "name": "15054",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15054"
              },
              {
                "name": "17144",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17144"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50 allows remote attackers to execute arbitrary code via a crafted CHM file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "17130",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17130"
            },
            {
              "name": "19913",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/19913"
            },
            {
              "name": "20051010 Kaspersky Anti-Virus Engine CHM File Parser Buffer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://www.idefense.com/application/poi/display?id=318\u0026type=vulnerabilities"
            },
            {
              "name": "19912",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/19912"
            },
            {
              "name": "kaspersky-fsecure-chm-bo(22564)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22564"
            },
            {
              "name": "15054",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15054"
            },
            {
              "name": "17144",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17144"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-3664",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50 allows remote attackers to execute arbitrary code via a crafted CHM file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "17130",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17130"
                },
                {
                  "name": "19913",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/19913"
                },
                {
                  "name": "20051010 Kaspersky Anti-Virus Engine CHM File Parser Buffer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://www.idefense.com/application/poi/display?id=318\u0026type=vulnerabilities"
                },
                {
                  "name": "19912",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/19912"
                },
                {
                  "name": "kaspersky-fsecure-chm-bo(22564)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22564"
                },
                {
                  "name": "15054",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15054"
                },
                {
                  "name": "17144",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17144"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-3664",
        "datePublished": "2005-11-18T11:00:00.000Z",
        "dateReserved": "2005-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:17:23.391Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3663 (GCVE-0-2005-3663)

    Vulnerability from nvd – Published: 2005-11-18 11:00 – Updated: 2024-08-07 23:17
    VLAI
    Summary
    Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.idefense.com/application/poi/display?i… third-party-advisoryx_refsource_IDEFENSE
    http://securitytracker.com/id?1015224 vdb-entryx_refsource_SECTRACK
    http://securityreason.com/securityalert/187 third-party-advisoryx_refsource_SREASON
    Date Public
    2005-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:17:23.377Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20051115 Multiple Vendor Insecure Call to CreateProcess() Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://www.idefense.com/application/poi/display?id=340\u0026type=vulnerabilities"
              },
              {
                "name": "1015224",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015224"
              },
              {
                "name": "187",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/187"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 might allow local users to gain privileges via a malicious \"program.exe\" file in the C: folder."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-11-24T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20051115 Multiple Vendor Insecure Call to CreateProcess() Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://www.idefense.com/application/poi/display?id=340\u0026type=vulnerabilities"
            },
            {
              "name": "1015224",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015224"
            },
            {
              "name": "187",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/187"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-3663",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 might allow local users to gain privileges via a malicious \"program.exe\" file in the C: folder."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20051115 Multiple Vendor Insecure Call to CreateProcess() Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://www.idefense.com/application/poi/display?id=340\u0026type=vulnerabilities"
                },
                {
                  "name": "1015224",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015224"
                },
                {
                  "name": "187",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/187"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-3663",
        "datePublished": "2005-11-18T11:00:00.000Z",
        "dateReserved": "2005-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:17:23.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-4452 (GCVE-0-2009-4452)

    Vulnerability from cvelistv5 – Published: 2009-12-29 20:15 – Updated: 2024-08-07 07:01
    VLAI
    Summary
    Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2009/3573 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1023366 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/37730 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/508508/100… mailing-listx_refsource_BUGTRAQ
    http://www.exploit-db.com/exploits/10484 exploitx_refsource_EXPLOIT-DB
    http://secunia.com/advisories/37398 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1023367 vdb-entryx_refsource_SECTRACK
    Date Public
    2009-12-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:01:20.350Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2009-3573",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3573"
              },
              {
                "name": "1023366",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1023366"
              },
              {
                "name": "37730",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37730"
              },
              {
                "name": "20091216 Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/508508/100/0/threaded"
              },
              {
                "name": "10484",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/10484"
              },
              {
                "name": "37398",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37398"
              },
              {
                "name": "1023367",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1023367"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-12-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2009-3573",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3573"
            },
            {
              "name": "1023366",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1023366"
            },
            {
              "name": "37730",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37730"
            },
            {
              "name": "20091216 Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/508508/100/0/threaded"
            },
            {
              "name": "10484",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/10484"
            },
            {
              "name": "37398",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37398"
            },
            {
              "name": "1023367",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1023367"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-4452",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2009-3573",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3573"
                },
                {
                  "name": "1023366",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1023366"
                },
                {
                  "name": "37730",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37730"
                },
                {
                  "name": "20091216 Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/508508/100/0/threaded"
                },
                {
                  "name": "10484",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/10484"
                },
                {
                  "name": "37398",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37398"
                },
                {
                  "name": "1023367",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1023367"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-4452",
        "datePublished": "2009-12-29T20:15:00.000Z",
        "dateReserved": "2009-12-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:01:20.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0449 (GCVE-0-2009-0449)

    Vulnerability from cvelistv5 – Published: 2009-02-05 20:00 – Updated: 2024-08-07 04:31
    VLAI
    Summary
    Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2009-02-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:31:26.233Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=60\u0026Itemid=1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://kartoffel.reversemode.com/downloads/kaspersky_klim5_plugin.zip"
              },
              {
                "name": "1021661",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021661"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.wintercore.com/advisories/advisory_W020209.html"
              },
              {
                "name": "20090202 [Wintercore Research WS02-0209] Kaspersky Products Klim5.sys local privilege escalation",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/500606/100/0/threaded"
              },
              {
                "name": "33561",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/33561"
              },
              {
                "name": "33788",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/33788"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-02-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=60\u0026Itemid=1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://kartoffel.reversemode.com/downloads/kaspersky_klim5_plugin.zip"
            },
            {
              "name": "1021661",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021661"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.wintercore.com/advisories/advisory_W020209.html"
            },
            {
              "name": "20090202 [Wintercore Research WS02-0209] Kaspersky Products Klim5.sys local privilege escalation",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/500606/100/0/threaded"
            },
            {
              "name": "33561",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/33561"
            },
            {
              "name": "33788",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/33788"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-0449",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=60\u0026Itemid=1",
                  "refsource": "MISC",
                  "url": "http://www.reversemode.com/index.php?option=com_content\u0026task=view\u0026id=60\u0026Itemid=1"
                },
                {
                  "name": "http://kartoffel.reversemode.com/downloads/kaspersky_klim5_plugin.zip",
                  "refsource": "MISC",
                  "url": "http://kartoffel.reversemode.com/downloads/kaspersky_klim5_plugin.zip"
                },
                {
                  "name": "1021661",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021661"
                },
                {
                  "name": "http://www.wintercore.com/advisories/advisory_W020209.html",
                  "refsource": "MISC",
                  "url": "http://www.wintercore.com/advisories/advisory_W020209.html"
                },
                {
                  "name": "20090202 [Wintercore Research WS02-0209] Kaspersky Products Klim5.sys local privilege escalation",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/500606/100/0/threaded"
                },
                {
                  "name": "33561",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/33561"
                },
                {
                  "name": "33788",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/33788"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-0449",
        "datePublished": "2009-02-05T20:00:00.000Z",
        "dateReserved": "2009-02-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:31:26.233Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1518 (GCVE-0-2008-1518)

    Vulnerability from cvelistv5 – Published: 2008-06-05 20:21 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1020195 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2008/1739 vdb-entryx_refsource_VUPEN
    http://www.kaspersky.com/technews?id=203038727 x_refsource_CONFIRM
    http://secunia.com/advisories/30534 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://securitytracker.com/id?1020196 vdb-entryx_refsource_SECTRACK
    Date Public
    2008-06-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:42.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1020195",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020195"
              },
              {
                "name": "ADV-2008-1739",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1739"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038727"
              },
              {
                "name": "30534",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30534"
              },
              {
                "name": "kaspersky-internetsecurity-kl1-bo(42849)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42849"
              },
              {
                "name": "20080604 Kaspersky Internet Security IOCTL Stack Based Buffer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=704"
              },
              {
                "name": "1020196",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020196"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-06-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1020195",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020195"
            },
            {
              "name": "ADV-2008-1739",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1739"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038727"
            },
            {
              "name": "30534",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30534"
            },
            {
              "name": "kaspersky-internetsecurity-kl1-bo(42849)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42849"
            },
            {
              "name": "20080604 Kaspersky Internet Security IOCTL Stack Based Buffer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=704"
            },
            {
              "name": "1020196",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020196"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1518",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1020195",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020195"
                },
                {
                  "name": "ADV-2008-1739",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1739"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038727",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038727"
                },
                {
                  "name": "30534",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30534"
                },
                {
                  "name": "kaspersky-internetsecurity-kl1-bo(42849)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42849"
                },
                {
                  "name": "20080604 Kaspersky Internet Security IOCTL Stack Based Buffer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=704"
                },
                {
                  "name": "1020196",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020196"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1518",
        "datePublished": "2008-06-05T20:21:00.000Z",
        "dateReserved": "2008-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:42.244Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-1444 (GCVE-0-2003-1444)

    Vulnerability from cvelistv5 – Published: 2007-10-23 01:00 – Updated: 2024-08-08 02:28
    VLAI
    Summary
    Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial of service (CPU consumption or crash) and prevent malicious code from being detected via a file with a long pathname.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2003-02-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:28:03.857Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20030211 SECURITY.NNOV: Kaspersky Antivirus DoS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0130.html"
              },
              {
                "name": "kav-long-path-dos(11291)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11291"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-02-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial of service (CPU consumption or crash) and prevent malicious code from being detected via a file with a long pathname."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20030211 SECURITY.NNOV: Kaspersky Antivirus DoS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0130.html"
            },
            {
              "name": "kav-long-path-dos(11291)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11291"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-1444",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial of service (CPU consumption or crash) and prevent malicious code from being detected via a file with a long pathname."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20030211 SECURITY.NNOV: Kaspersky Antivirus DoS",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0130.html"
                },
                {
                  "name": "kav-long-path-dos(11291)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11291"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-1444",
        "datePublished": "2007-10-23T01:00:00.000Z",
        "dateReserved": "2007-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:28:03.857Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-1443 (GCVE-0-2003-1443)

    Vulnerability from cvelistv5 – Published: 2007-10-23 01:00 – Updated: 2024-08-08 02:28
    VLAI
    Summary
    Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files with MS-DOS device names in their filenames, which allows local users to bypass virus protection, as demonstrated using aux.vbs and aux.com.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2003-02-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:28:03.459Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "kav-device-name-bypass(11292)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11292"
              },
              {
                "name": "20030211 SECURITY.NNOV: Kaspersky Antivirus DoS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0130.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-02-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files with MS-DOS device names in their filenames, which allows local users to bypass virus protection, as demonstrated using aux.vbs and aux.com."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "kav-device-name-bypass(11292)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11292"
            },
            {
              "name": "20030211 SECURITY.NNOV: Kaspersky Antivirus DoS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0130.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-1443",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files with MS-DOS device names in their filenames, which allows local users to bypass virus protection, as demonstrated using aux.vbs and aux.com."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "kav-device-name-bypass(11292)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11292"
                },
                {
                  "name": "20030211 SECURITY.NNOV: Kaspersky Antivirus DoS",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0130.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-1443",
        "datePublished": "2007-10-23T01:00:00.000Z",
        "dateReserved": "2007-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:28:03.459Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5086 (GCVE-0-2007-5086)

    Vulnerability from cvelistv5 – Published: 2007-09-26 10:00 – Updated: 2024-08-07 15:17
    VLAI
    Summary
    Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks. NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1. NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that "it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2007/3259 vdb-entryx_refsource_VUPEN
    http://osvdb.org/37990 vdb-entryx_refsource_OSVDB
    http://www.rootkit.com/newsread.php?newsid=778 x_refsource_MISC
    http://www.kaspersky.com/technews?id=203038706 x_refsource_CONFIRM
    http://secunia.com/advisories/26887 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2007-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:17:28.206Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2007-3259",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3259"
              },
              {
                "name": "37990",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/37990"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rootkit.com/newsread.php?newsid=778"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038706"
              },
              {
                "name": "26887",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26887"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks.  NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1.  NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that \"it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-15T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2007-3259",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3259"
            },
            {
              "name": "37990",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/37990"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rootkit.com/newsread.php?newsid=778"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038706"
            },
            {
              "name": "26887",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26887"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5086",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks.  NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1.  NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that \"it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2007-3259",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3259"
                },
                {
                  "name": "37990",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/37990"
                },
                {
                  "name": "http://www.rootkit.com/newsread.php?newsid=778",
                  "refsource": "MISC",
                  "url": "http://www.rootkit.com/newsread.php?newsid=778"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038706",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038706"
                },
                {
                  "name": "26887",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26887"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5086",
        "datePublished": "2007-09-26T10:00:00.000Z",
        "dateReserved": "2007-09-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:17:28.206Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1881 (GCVE-0-2007-1881)

    Vulnerability from cvelistv5 – Published: 2007-04-06 00:00 – Updated: 2024-08-07 13:13
    VLAI
    Summary
    Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/24778 third-party-advisoryx_refsource_SECUNIA
    http://www.kaspersky.com/technews?id=203038694 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/1268 vdb-entryx_refsource_VUPEN
    http://www.osvdb.org/33852 vdb-entryx_refsource_OSVDB
    http://www.kaspersky.com/technews?id=203038693 x_refsource_CONFIRM
    Date Public
    2007-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:13:41.744Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "24778",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24778"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038694"
              },
              {
                "name": "ADV-2007-1268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1268"
              },
              {
                "name": "33852",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/33852"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038693"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-04-28T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "24778",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24778"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038694"
            },
            {
              "name": "ADV-2007-1268",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1268"
            },
            {
              "name": "33852",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/33852"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038693"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1881",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "24778",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24778"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038694",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038694"
                },
                {
                  "name": "ADV-2007-1268",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1268"
                },
                {
                  "name": "33852",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/33852"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038693",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038693"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1881",
        "datePublished": "2007-04-06T00:00:00.000Z",
        "dateReserved": "2007-04-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:13:41.744Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0445 (GCVE-0-2007-0445)

    Vulnerability from cvelistv5 – Published: 2007-04-06 00:00 – Updated: 2024-08-07 12:19
    VLAI
    Summary
    Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:19:30.325Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-013.html"
              },
              {
                "name": "24778",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24778"
              },
              {
                "name": "1017882",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017882"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038694"
              },
              {
                "name": "ADV-2007-1268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1268"
              },
              {
                "name": "20070405 ZDI-07-013: Kaspersky AntiVirus Engine ARJ Archive Parsing Heap Overflow Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464878/100/0/threaded"
              },
              {
                "name": "kaspersky-arj-bo(33489)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33489"
              },
              {
                "name": "23346",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23346"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038693"
              },
              {
                "name": "1017883",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017883"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-013.html"
            },
            {
              "name": "24778",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24778"
            },
            {
              "name": "1017882",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017882"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038694"
            },
            {
              "name": "ADV-2007-1268",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1268"
            },
            {
              "name": "20070405 ZDI-07-013: Kaspersky AntiVirus Engine ARJ Archive Parsing Heap Overflow Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464878/100/0/threaded"
            },
            {
              "name": "kaspersky-arj-bo(33489)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33489"
            },
            {
              "name": "23346",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23346"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038693"
            },
            {
              "name": "1017883",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017883"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0445",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-013.html",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-013.html"
                },
                {
                  "name": "24778",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24778"
                },
                {
                  "name": "1017882",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017882"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038694",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038694"
                },
                {
                  "name": "ADV-2007-1268",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1268"
                },
                {
                  "name": "20070405 ZDI-07-013: Kaspersky AntiVirus Engine ARJ Archive Parsing Heap Overflow Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464878/100/0/threaded"
                },
                {
                  "name": "kaspersky-arj-bo(33489)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33489"
                },
                {
                  "name": "23346",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23346"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038693",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038693"
                },
                {
                  "name": "1017883",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017883"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0445",
        "datePublished": "2007-04-06T00:00:00.000Z",
        "dateReserved": "2007-01-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:19:30.325Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1112 (GCVE-0-2007-1112)

    Vulnerability from cvelistv5 – Published: 2007-04-06 00:00 – Updated: 2024-08-07 12:43
    VLAI
    Summary
    Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-04-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:43:22.661Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1017884",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017884"
              },
              {
                "name": "1017885",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017885"
              },
              {
                "name": "24778",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24778"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038694"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-014.html"
              },
              {
                "name": "ADV-2007-1268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1268"
              },
              {
                "name": "23345",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23345"
              },
              {
                "name": "kaspersky-startuploading-info-disclosure(33464)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33464"
              },
              {
                "name": "20070405 ZDI-07-014: Kaspersky Anti-Virus ActiveX Control Unsafe Method Exposure Vulnerablity",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464882/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to \"download\" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1017884",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017884"
            },
            {
              "name": "1017885",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017885"
            },
            {
              "name": "24778",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24778"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038694"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-014.html"
            },
            {
              "name": "ADV-2007-1268",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1268"
            },
            {
              "name": "23345",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23345"
            },
            {
              "name": "kaspersky-startuploading-info-disclosure(33464)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33464"
            },
            {
              "name": "20070405 ZDI-07-014: Kaspersky Anti-Virus ActiveX Control Unsafe Method Exposure Vulnerablity",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464882/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1112",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to \"download\" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1017884",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017884"
                },
                {
                  "name": "1017885",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017885"
                },
                {
                  "name": "24778",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24778"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038694",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038694"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-014.html",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-014.html"
                },
                {
                  "name": "ADV-2007-1268",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1268"
                },
                {
                  "name": "23345",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23345"
                },
                {
                  "name": "kaspersky-startuploading-info-disclosure(33464)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33464"
                },
                {
                  "name": "20070405 ZDI-07-014: Kaspersky Anti-Virus ActiveX Control Unsafe Method Exposure Vulnerablity",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464882/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1112",
        "datePublished": "2007-04-06T00:00:00.000Z",
        "dateReserved": "2007-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:43:22.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1880 (GCVE-0-2007-1880)

    Vulnerability from cvelistv5 – Published: 2007-04-06 00:00 – Updated: 2024-08-07 13:13
    VLAI
    Summary
    Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned "data size argument," which results in a heap overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.osvdb.org/33851 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/23326 vdb-entryx_refsource_BID
    http://secunia.com/advisories/24778 third-party-advisoryx_refsource_SECUNIA
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://www.kaspersky.com/technews?id=203038694 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/1268 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1017873 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securitytracker.com/id?1017872 vdb-entryx_refsource_SECTRACK
    http://www.kaspersky.com/technews?id=203038693 x_refsource_CONFIRM
    Date Public
    2007-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:13:41.791Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "33851",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/33851"
              },
              {
                "name": "23326",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23326"
              },
              {
                "name": "24778",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24778"
              },
              {
                "name": "20070404 Kaspersky Internet Security Suite klif.sys Heap Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=505"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038694"
              },
              {
                "name": "ADV-2007-1268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1268"
              },
              {
                "name": "1017873",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017873"
              },
              {
                "name": "kaspersky-klif-bo(33460)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33460"
              },
              {
                "name": "1017872",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017872"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038693"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned \"data size argument,\" which results in a heap overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "33851",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/33851"
            },
            {
              "name": "23326",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23326"
            },
            {
              "name": "24778",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24778"
            },
            {
              "name": "20070404 Kaspersky Internet Security Suite klif.sys Heap Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=505"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038694"
            },
            {
              "name": "ADV-2007-1268",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1268"
            },
            {
              "name": "1017873",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017873"
            },
            {
              "name": "kaspersky-klif-bo(33460)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33460"
            },
            {
              "name": "1017872",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017872"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038693"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1880",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned \"data size argument,\" which results in a heap overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "33851",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/33851"
                },
                {
                  "name": "23326",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23326"
                },
                {
                  "name": "24778",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24778"
                },
                {
                  "name": "20070404 Kaspersky Internet Security Suite klif.sys Heap Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=505"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038694",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038694"
                },
                {
                  "name": "ADV-2007-1268",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1268"
                },
                {
                  "name": "1017873",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017873"
                },
                {
                  "name": "kaspersky-klif-bo(33460)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33460"
                },
                {
                  "name": "1017872",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017872"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038693",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038693"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1880",
        "datePublished": "2007-04-06T00:00:00.000Z",
        "dateReserved": "2007-04-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:13:41.791Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1879 (GCVE-0-2007-1879)

    Vulnerability from cvelistv5 – Published: 2007-04-06 00:00 – Updated: 2024-08-07 13:13
    VLAI
    Summary
    The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://secunia.com/advisories/24778 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1017871 vdb-entryx_refsource_SECTRACK
    http://www.kaspersky.com/technews?id=203038694 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/1268 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/23325 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2007-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:13:41.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070404 Kaspersky AntiVirus SysInfo ActiveX Control Information Disclosure Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504"
              },
              {
                "name": "24778",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24778"
              },
              {
                "name": "1017871",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017871"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038694"
              },
              {
                "name": "ADV-2007-1268",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1268"
              },
              {
                "name": "23325",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23325"
              },
              {
                "name": "kaspersky-startuploading-info-disclosure(33464)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33464"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command.  NOTE: this issue might be related to CVE-2007-1112."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20070404 Kaspersky AntiVirus SysInfo ActiveX Control Information Disclosure Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504"
            },
            {
              "name": "24778",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24778"
            },
            {
              "name": "1017871",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017871"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038694"
            },
            {
              "name": "ADV-2007-1268",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1268"
            },
            {
              "name": "23325",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23325"
            },
            {
              "name": "kaspersky-startuploading-info-disclosure(33464)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33464"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1879",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command.  NOTE: this issue might be related to CVE-2007-1112."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070404 Kaspersky AntiVirus SysInfo ActiveX Control Information Disclosure Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=504"
                },
                {
                  "name": "24778",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24778"
                },
                {
                  "name": "1017871",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017871"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038694",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038694"
                },
                {
                  "name": "ADV-2007-1268",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1268"
                },
                {
                  "name": "23325",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23325"
                },
                {
                  "name": "kaspersky-startuploading-info-disclosure(33464)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33464"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1879",
        "datePublished": "2007-04-06T00:00:00.000Z",
        "dateReserved": "2007-04-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:13:41.999Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6408 (GCVE-0-2006-6408)

    Vulnerability from cvelistv5 – Published: 2006-12-10 02:00 – Updated: 2024-08-07 20:26
    VLAI
    Summary
    Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-12-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:26:46.061Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "21461",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21461"
              },
              {
                "name": "20061206 Multiple Vendor Unusual MIME Encoding Content Filter Bypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/453654/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.quantenblog.net/security/virus-scanner-bypass"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "21461",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21461"
            },
            {
              "name": "20061206 Multiple Vendor Unusual MIME Encoding Content Filter Bypass",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/453654/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.quantenblog.net/security/virus-scanner-bypass"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6408",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "21461",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21461"
                },
                {
                  "name": "20061206 Multiple Vendor Unusual MIME Encoding Content Filter Bypass",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/453654/100/0/threaded"
                },
                {
                  "name": "http://www.quantenblog.net/security/virus-scanner-bypass",
                  "refsource": "MISC",
                  "url": "http://www.quantenblog.net/security/virus-scanner-bypass"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6408",
        "datePublished": "2006-12-10T02:00:00.000Z",
        "dateReserved": "2006-12-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:26:46.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4926 (GCVE-0-2006-4926)

    Vulnerability from cvelistv5 – Published: 2006-10-20 22:00 – Updated: 2024-08-07 19:32
    VLAI
    Summary
    The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp structure with invalid addresses in the 0x80052110 IOCTL.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/449289/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/29891 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/449301/100… mailing-listx_refsource_BUGTRAQ
    http://www.kaspersky.com/technews?id=203038678 x_refsource_CONFIRM
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://secunia.com/advisories/22478 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/20635 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1017093 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2006/4117 vdb-entryx_refsource_VUPEN
    Date Public
    2006-10-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:32:22.423Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20061020 [Reversemode Advisory] Kaspersky Anti-Virus Privilege Escalation",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/449289/100/0/threaded"
              },
              {
                "name": "kaspersky-klinklick-privilege-escalation(29677)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29677"
              },
              {
                "name": "29891",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/29891"
              },
              {
                "name": "20061020 Re: iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/449301/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038678"
              },
              {
                "name": "20061020 Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=425"
              },
              {
                "name": "22478",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22478"
              },
              {
                "name": "20635",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20635"
              },
              {
                "name": "1017093",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1017093"
              },
              {
                "name": "ADV-2006-4117",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/4117"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp structure with invalid addresses in the 0x80052110 IOCTL."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20061020 [Reversemode Advisory] Kaspersky Anti-Virus Privilege Escalation",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/449289/100/0/threaded"
            },
            {
              "name": "kaspersky-klinklick-privilege-escalation(29677)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29677"
            },
            {
              "name": "29891",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/29891"
            },
            {
              "name": "20061020 Re: iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/449301/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038678"
            },
            {
              "name": "20061020 Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=425"
            },
            {
              "name": "22478",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22478"
            },
            {
              "name": "20635",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20635"
            },
            {
              "name": "1017093",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1017093"
            },
            {
              "name": "ADV-2006-4117",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4117"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4926",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp structure with invalid addresses in the 0x80052110 IOCTL."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20061020 [Reversemode Advisory] Kaspersky Anti-Virus Privilege Escalation",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/449289/100/0/threaded"
                },
                {
                  "name": "kaspersky-klinklick-privilege-escalation(29677)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29677"
                },
                {
                  "name": "29891",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/29891"
                },
                {
                  "name": "20061020 Re: iDefense Security Advisory 10.19.06: Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/449301/100/0/threaded"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038678",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038678"
                },
                {
                  "name": "20061020 Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=425"
                },
                {
                  "name": "22478",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22478"
                },
                {
                  "name": "20635",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20635"
                },
                {
                  "name": "1017093",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1017093"
                },
                {
                  "name": "ADV-2006-4117",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/4117"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4926",
        "datePublished": "2006-10-20T22:00:00.000Z",
        "dateReserved": "2006-09-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:32:22.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1091 (GCVE-0-2006-1091)

    Vulnerability from cvelistv5 – Published: 2006-03-09 11:00 – Updated: 2024-08-07 16:56
    VLAI
    Summary
    Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via unknown attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/426699 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/16942 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/535 third-party-advisoryx_refsource_SREASON
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-03-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:56:15.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060303 Kaspersky Memory/CPU Usage Leak by design",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/426699"
              },
              {
                "name": "16942",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16942"
              },
              {
                "name": "535",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/535"
              },
              {
                "name": "kaspersky-unspecified-dos(25221)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25221"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via unknown attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060303 Kaspersky Memory/CPU Usage Leak by design",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/426699"
            },
            {
              "name": "16942",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16942"
            },
            {
              "name": "535",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/535"
            },
            {
              "name": "kaspersky-unspecified-dos(25221)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25221"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1091",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via unknown attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060303 Kaspersky Memory/CPU Usage Leak by design",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/426699"
                },
                {
                  "name": "16942",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16942"
                },
                {
                  "name": "535",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/535"
                },
                {
                  "name": "kaspersky-unspecified-dos(25221)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25221"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1091",
        "datePublished": "2006-03-09T11:00:00.000Z",
        "dateReserved": "2006-03-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:56:15.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3664 (GCVE-0-2005-3664)

    Vulnerability from cvelistv5 – Published: 2005-11-18 11:00 – Updated: 2024-08-07 23:17
    VLAI
    Summary
    Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50 allows remote attackers to execute arbitrary code via a crafted CHM file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/17130 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/19913 vdb-entryx_refsource_OSVDB
    http://www.idefense.com/application/poi/display?i… third-party-advisoryx_refsource_IDEFENSE
    http://www.osvdb.org/19912 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/15054 vdb-entryx_refsource_BID
    http://secunia.com/advisories/17144 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:17:23.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "17130",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17130"
              },
              {
                "name": "19913",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/19913"
              },
              {
                "name": "20051010 Kaspersky Anti-Virus Engine CHM File Parser Buffer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://www.idefense.com/application/poi/display?id=318\u0026type=vulnerabilities"
              },
              {
                "name": "19912",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/19912"
              },
              {
                "name": "kaspersky-fsecure-chm-bo(22564)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22564"
              },
              {
                "name": "15054",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15054"
              },
              {
                "name": "17144",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17144"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50 allows remote attackers to execute arbitrary code via a crafted CHM file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "17130",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17130"
            },
            {
              "name": "19913",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/19913"
            },
            {
              "name": "20051010 Kaspersky Anti-Virus Engine CHM File Parser Buffer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://www.idefense.com/application/poi/display?id=318\u0026type=vulnerabilities"
            },
            {
              "name": "19912",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/19912"
            },
            {
              "name": "kaspersky-fsecure-chm-bo(22564)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22564"
            },
            {
              "name": "15054",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15054"
            },
            {
              "name": "17144",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17144"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-3664",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50 allows remote attackers to execute arbitrary code via a crafted CHM file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "17130",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17130"
                },
                {
                  "name": "19913",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/19913"
                },
                {
                  "name": "20051010 Kaspersky Anti-Virus Engine CHM File Parser Buffer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://www.idefense.com/application/poi/display?id=318\u0026type=vulnerabilities"
                },
                {
                  "name": "19912",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/19912"
                },
                {
                  "name": "kaspersky-fsecure-chm-bo(22564)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22564"
                },
                {
                  "name": "15054",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15054"
                },
                {
                  "name": "17144",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17144"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-3664",
        "datePublished": "2005-11-18T11:00:00.000Z",
        "dateReserved": "2005-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:17:23.391Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3663 (GCVE-0-2005-3663)

    Vulnerability from cvelistv5 – Published: 2005-11-18 11:00 – Updated: 2024-08-07 23:17
    VLAI
    Summary
    Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.idefense.com/application/poi/display?i… third-party-advisoryx_refsource_IDEFENSE
    http://securitytracker.com/id?1015224 vdb-entryx_refsource_SECTRACK
    http://securityreason.com/securityalert/187 third-party-advisoryx_refsource_SREASON
    Date Public
    2005-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:17:23.377Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20051115 Multiple Vendor Insecure Call to CreateProcess() Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://www.idefense.com/application/poi/display?id=340\u0026type=vulnerabilities"
              },
              {
                "name": "1015224",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015224"
              },
              {
                "name": "187",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/187"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 might allow local users to gain privileges via a malicious \"program.exe\" file in the C: folder."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-11-24T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20051115 Multiple Vendor Insecure Call to CreateProcess() Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://www.idefense.com/application/poi/display?id=340\u0026type=vulnerabilities"
            },
            {
              "name": "1015224",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015224"
            },
            {
              "name": "187",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/187"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-3663",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 might allow local users to gain privileges via a malicious \"program.exe\" file in the C: folder."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20051115 Multiple Vendor Insecure Call to CreateProcess() Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://www.idefense.com/application/poi/display?id=340\u0026type=vulnerabilities"
                },
                {
                  "name": "1015224",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015224"
                },
                {
                  "name": "187",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/187"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-3663",
        "datePublished": "2005-11-18T11:00:00.000Z",
        "dateReserved": "2005-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:17:23.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }