Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for kaspersky_internet_security by kaspersky

    CVE-2019-15689 (GCVE-0-2019-15689)

    Vulnerability from nvd – Published: 2019-12-02 20:43 – Updated: 2024-08-05 00:56
    VLAI
    Summary
    Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products
    Severity
    No CVSS data available.
    CWE
    • Bypass
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:56:22.341Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud",
              "vendor": "Kaspersky",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to version 2020 patch E"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-02T20:43:52.000Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerability@kaspersky.com",
              "ID": "CVE-2019-15689",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to version 2020 patch E"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kaspersky"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219",
                  "refsource": "CONFIRM",
                  "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2019-15689",
        "datePublished": "2019-12-02T20:43:52.000Z",
        "dateReserved": "2019-08-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:56:22.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5654 (GCVE-0-2014-5654)

    Vulnerability from nvd – Published: 2014-09-09 01:00 – Updated: 2024-08-06 11:48
    VLAI
    Summary
    The Kaspersky Internet Security (aka com.kms.free) application 11.4.4.232 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/218177 third-party-advisoryx_refsource_CERT-VN
    http://www.kb.cert.org/vuls/id/582497 third-party-advisoryx_refsource_CERT-VN
    https://docs.google.com/spreadsheets/d/1t5GXwjw82… x_refsource_MISC
    Date Public
    2014-09-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:48:50.087Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#218177",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/218177"
              },
              {
                "name": "VU#582497",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/582497"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Kaspersky Internet Security (aka com.kms.free) application 11.4.4.232 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-09-09T01:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#218177",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/218177"
            },
            {
              "name": "VU#582497",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/582497"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2014-5654",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Kaspersky Internet Security (aka com.kms.free) application 11.4.4.232 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#218177",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/218177"
                },
                {
                  "name": "VU#582497",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/582497"
                },
                {
                  "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
                  "refsource": "MISC",
                  "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2014-5654",
        "datePublished": "2014-09-09T01:00:00.000Z",
        "dateReserved": "2014-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:48:50.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2966 (GCVE-0-2009-2966)

    Vulnerability from nvd – Published: 2009-08-25 17:00 – Updated: 2024-08-07 06:07
    VLAI
    Summary
    avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/36405 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/57173 vdb-entryx_refsource_OSVDB
    http://securityreason.com/achievement_securityalert/66 third-party-advisoryx_refsource_SREASONRES
    http://www.securityfocus.com/bid/36084 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id?1022754 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id?1022755 vdb-entryx_refsource_SECTRACK
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    http://www.h-online.com/security/Kaspersky-confir… x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2009-08-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:07:37.405Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36405",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36405"
              },
              {
                "name": "57173",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/57173"
              },
              {
                "name": "20090819 Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASONRES",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/achievement_securityalert/66"
              },
              {
                "name": "36084",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36084"
              },
              {
                "name": "1022754",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1022754"
              },
              {
                "name": "1022755",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1022755"
              },
              {
                "name": "20090818 Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0252.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.h-online.com/security/Kaspersky-confirm-and-close-DoS-vulnerability--/news/114077"
              },
              {
                "name": "kaspersky-antivirus-internet-http-dos(52571)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52571"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-08-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot \".\" characters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36405",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36405"
            },
            {
              "name": "57173",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/57173"
            },
            {
              "name": "20090819 Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASONRES"
              ],
              "url": "http://securityreason.com/achievement_securityalert/66"
            },
            {
              "name": "36084",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36084"
            },
            {
              "name": "1022754",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1022754"
            },
            {
              "name": "1022755",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1022755"
            },
            {
              "name": "20090818 Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0252.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.h-online.com/security/Kaspersky-confirm-and-close-DoS-vulnerability--/news/114077"
            },
            {
              "name": "kaspersky-antivirus-internet-http-dos(52571)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52571"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2966",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot \".\" characters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36405",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36405"
                },
                {
                  "name": "57173",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/57173"
                },
                {
                  "name": "20090819 Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service",
                  "refsource": "SREASONRES",
                  "url": "http://securityreason.com/achievement_securityalert/66"
                },
                {
                  "name": "36084",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36084"
                },
                {
                  "name": "1022754",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1022754"
                },
                {
                  "name": "1022755",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1022755"
                },
                {
                  "name": "20090818 Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0252.html"
                },
                {
                  "name": "http://www.h-online.com/security/Kaspersky-confirm-and-close-DoS-vulnerability--/news/114077",
                  "refsource": "MISC",
                  "url": "http://www.h-online.com/security/Kaspersky-confirm-and-close-DoS-vulnerability--/news/114077"
                },
                {
                  "name": "kaspersky-antivirus-internet-http-dos(52571)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52571"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2966",
        "datePublished": "2009-08-25T17:00:00.000Z",
        "dateReserved": "2009-08-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:07:37.405Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2647 (GCVE-0-2009-2647)

    Vulnerability from nvd – Published: 2009-07-30 19:00 – Updated: 2024-08-07 05:59
    VLAI
    Summary
    Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to "an external script."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/35789 vdb-entryx_refsource_BID
    http://osvdb.org/56351 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2009/1998 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/35978 third-party-advisoryx_refsource_SECUNIA
    http://www.kaspersky.com/technews?id=203038755 x_refsource_CONFIRM
    Date Public
    2009-07-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:59:56.342Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "kaspersky-av-is-sec-bypass(51986)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51986"
              },
              {
                "name": "35789",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35789"
              },
              {
                "name": "56351",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/56351"
              },
              {
                "name": "ADV-2009-1998",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1998"
              },
              {
                "name": "35978",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35978"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038755"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to \"an external script.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "kaspersky-av-is-sec-bypass(51986)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51986"
            },
            {
              "name": "35789",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35789"
            },
            {
              "name": "56351",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/56351"
            },
            {
              "name": "ADV-2009-1998",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1998"
            },
            {
              "name": "35978",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35978"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038755"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2647",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to \"an external script.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "kaspersky-av-is-sec-bypass(51986)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51986"
                },
                {
                  "name": "35789",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35789"
                },
                {
                  "name": "56351",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/56351"
                },
                {
                  "name": "ADV-2009-1998",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1998"
                },
                {
                  "name": "35978",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35978"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038755",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038755"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2647",
        "datePublished": "2009-07-30T19:00:00.000Z",
        "dateReserved": "2009-07-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:59:56.342Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3074 (GCVE-0-2006-3074)

    Vulnerability from nvd – Published: 2006-06-19 10:00 – Updated: 2024-08-07 18:16
    VLAI
    Summary
    klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2006-06-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:16:05.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "kaspersky-klif-dos(27104)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27104"
              },
              {
                "name": "kaspersky-multiple-klif-dos(34875)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34875"
              },
              {
                "name": "18341",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18341"
              },
              {
                "name": "1018257",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018257"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://uninformed.org/index.cgi?v=4\u0026a=4\u0026p=4"
              },
              {
                "name": "ADV-2007-2145",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2145"
              },
              {
                "name": "24491",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24491"
              },
              {
                "name": "ADV-2006-2333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2333"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038695"
              },
              {
                "name": "25603",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25603"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rootkit.com/board.php?did=edge726\u0026closed=0\u0026lastx=15"
              },
              {
                "name": "20070615 Kaspersky Multiple insufficient argument validation of hooked SSDT function Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/471453/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"
              },
              {
                "name": "20629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20629"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://uninformed.org/index.cgi?v=4\u0026a=4\u0026p=7"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rootkit.com/newsread.php?newsid=726"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "kaspersky-klif-dos(27104)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27104"
            },
            {
              "name": "kaspersky-multiple-klif-dos(34875)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34875"
            },
            {
              "name": "18341",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18341"
            },
            {
              "name": "1018257",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018257"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://uninformed.org/index.cgi?v=4\u0026a=4\u0026p=4"
            },
            {
              "name": "ADV-2007-2145",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2145"
            },
            {
              "name": "24491",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24491"
            },
            {
              "name": "ADV-2006-2333",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2333"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038695"
            },
            {
              "name": "25603",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25603"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rootkit.com/board.php?did=edge726\u0026closed=0\u0026lastx=15"
            },
            {
              "name": "20070615 Kaspersky Multiple insufficient argument validation of hooked SSDT function Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/471453/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"
            },
            {
              "name": "20629",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20629"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://uninformed.org/index.cgi?v=4\u0026a=4\u0026p=7"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rootkit.com/newsread.php?newsid=726"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3074",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "kaspersky-klif-dos(27104)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27104"
                },
                {
                  "name": "kaspersky-multiple-klif-dos(34875)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34875"
                },
                {
                  "name": "18341",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18341"
                },
                {
                  "name": "1018257",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018257"
                },
                {
                  "name": "http://uninformed.org/index.cgi?v=4\u0026a=4\u0026p=4",
                  "refsource": "MISC",
                  "url": "http://uninformed.org/index.cgi?v=4\u0026a=4\u0026p=4"
                },
                {
                  "name": "ADV-2007-2145",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2145"
                },
                {
                  "name": "24491",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24491"
                },
                {
                  "name": "ADV-2006-2333",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2333"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038695",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038695"
                },
                {
                  "name": "25603",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25603"
                },
                {
                  "name": "http://www.rootkit.com/board.php?did=edge726\u0026closed=0\u0026lastx=15",
                  "refsource": "MISC",
                  "url": "http://www.rootkit.com/board.php?did=edge726\u0026closed=0\u0026lastx=15"
                },
                {
                  "name": "20070615 Kaspersky Multiple insufficient argument validation of hooked SSDT function Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/471453/100/0/threaded"
                },
                {
                  "name": "http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"
                },
                {
                  "name": "20629",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20629"
                },
                {
                  "name": "http://uninformed.org/index.cgi?v=4\u0026a=4\u0026p=7",
                  "refsource": "MISC",
                  "url": "http://uninformed.org/index.cgi?v=4\u0026a=4\u0026p=7"
                },
                {
                  "name": "http://www.rootkit.com/newsread.php?newsid=726",
                  "refsource": "MISC",
                  "url": "http://www.rootkit.com/newsread.php?newsid=726"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3074",
        "datePublished": "2006-06-19T10:00:00.000Z",
        "dateReserved": "2006-06-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:16:05.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15689 (GCVE-0-2019-15689)

    Vulnerability from cvelistv5 – Published: 2019-12-02 20:43 – Updated: 2024-08-05 00:56
    VLAI
    Summary
    Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products
    Severity
    No CVSS data available.
    CWE
    • Bypass
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:56:22.341Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud",
              "vendor": "Kaspersky",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to version 2020 patch E"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-02T20:43:52.000Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerability@kaspersky.com",
              "ID": "CVE-2019-15689",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to version 2020 patch E"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Kaspersky"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219",
                  "refsource": "CONFIRM",
                  "url": "https://support.kaspersky.com/general/vulnerability.aspx?el=12430#021219"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2019-15689",
        "datePublished": "2019-12-02T20:43:52.000Z",
        "dateReserved": "2019-08-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T00:56:22.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5654 (GCVE-0-2014-5654)

    Vulnerability from cvelistv5 – Published: 2014-09-09 01:00 – Updated: 2024-08-06 11:48
    VLAI
    Summary
    The Kaspersky Internet Security (aka com.kms.free) application 11.4.4.232 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/218177 third-party-advisoryx_refsource_CERT-VN
    http://www.kb.cert.org/vuls/id/582497 third-party-advisoryx_refsource_CERT-VN
    https://docs.google.com/spreadsheets/d/1t5GXwjw82… x_refsource_MISC
    Date Public
    2014-09-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:48:50.087Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#218177",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/218177"
              },
              {
                "name": "VU#582497",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/582497"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Kaspersky Internet Security (aka com.kms.free) application 11.4.4.232 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-09-09T01:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#218177",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/218177"
            },
            {
              "name": "VU#582497",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/582497"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2014-5654",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Kaspersky Internet Security (aka com.kms.free) application 11.4.4.232 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#218177",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/218177"
                },
                {
                  "name": "VU#582497",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/582497"
                },
                {
                  "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
                  "refsource": "MISC",
                  "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2014-5654",
        "datePublished": "2014-09-09T01:00:00.000Z",
        "dateReserved": "2014-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:48:50.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2966 (GCVE-0-2009-2966)

    Vulnerability from cvelistv5 – Published: 2009-08-25 17:00 – Updated: 2024-08-07 06:07
    VLAI
    Summary
    avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/36405 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/57173 vdb-entryx_refsource_OSVDB
    http://securityreason.com/achievement_securityalert/66 third-party-advisoryx_refsource_SREASONRES
    http://www.securityfocus.com/bid/36084 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id?1022754 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id?1022755 vdb-entryx_refsource_SECTRACK
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    http://www.h-online.com/security/Kaspersky-confir… x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2009-08-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:07:37.405Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "36405",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36405"
              },
              {
                "name": "57173",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/57173"
              },
              {
                "name": "20090819 Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASONRES",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/achievement_securityalert/66"
              },
              {
                "name": "36084",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/36084"
              },
              {
                "name": "1022754",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1022754"
              },
              {
                "name": "1022755",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1022755"
              },
              {
                "name": "20090818 Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0252.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.h-online.com/security/Kaspersky-confirm-and-close-DoS-vulnerability--/news/114077"
              },
              {
                "name": "kaspersky-antivirus-internet-http-dos(52571)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52571"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-08-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot \".\" characters."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "36405",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36405"
            },
            {
              "name": "57173",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/57173"
            },
            {
              "name": "20090819 Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASONRES"
              ],
              "url": "http://securityreason.com/achievement_securityalert/66"
            },
            {
              "name": "36084",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/36084"
            },
            {
              "name": "1022754",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1022754"
            },
            {
              "name": "1022755",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1022755"
            },
            {
              "name": "20090818 Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0252.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.h-online.com/security/Kaspersky-confirm-and-close-DoS-vulnerability--/news/114077"
            },
            {
              "name": "kaspersky-antivirus-internet-http-dos(52571)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52571"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2966",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot \".\" characters."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "36405",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36405"
                },
                {
                  "name": "57173",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/57173"
                },
                {
                  "name": "20090819 Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service",
                  "refsource": "SREASONRES",
                  "url": "http://securityreason.com/achievement_securityalert/66"
                },
                {
                  "name": "36084",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/36084"
                },
                {
                  "name": "1022754",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1022754"
                },
                {
                  "name": "1022755",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1022755"
                },
                {
                  "name": "20090818 Kaspersky AV/IS 2010 (avp.exe) Denial-of-Service",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0252.html"
                },
                {
                  "name": "http://www.h-online.com/security/Kaspersky-confirm-and-close-DoS-vulnerability--/news/114077",
                  "refsource": "MISC",
                  "url": "http://www.h-online.com/security/Kaspersky-confirm-and-close-DoS-vulnerability--/news/114077"
                },
                {
                  "name": "kaspersky-antivirus-internet-http-dos(52571)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52571"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2966",
        "datePublished": "2009-08-25T17:00:00.000Z",
        "dateReserved": "2009-08-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:07:37.405Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2647 (GCVE-0-2009-2647)

    Vulnerability from cvelistv5 – Published: 2009-07-30 19:00 – Updated: 2024-08-07 05:59
    VLAI
    Summary
    Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to "an external script."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/35789 vdb-entryx_refsource_BID
    http://osvdb.org/56351 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2009/1998 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/35978 third-party-advisoryx_refsource_SECUNIA
    http://www.kaspersky.com/technews?id=203038755 x_refsource_CONFIRM
    Date Public
    2009-07-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:59:56.342Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "kaspersky-av-is-sec-bypass(51986)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51986"
              },
              {
                "name": "35789",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35789"
              },
              {
                "name": "56351",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/56351"
              },
              {
                "name": "ADV-2009-1998",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1998"
              },
              {
                "name": "35978",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35978"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038755"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to \"an external script.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "kaspersky-av-is-sec-bypass(51986)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51986"
            },
            {
              "name": "35789",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35789"
            },
            {
              "name": "56351",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/56351"
            },
            {
              "name": "ADV-2009-1998",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1998"
            },
            {
              "name": "35978",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35978"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038755"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2647",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to \"an external script.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "kaspersky-av-is-sec-bypass(51986)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51986"
                },
                {
                  "name": "35789",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35789"
                },
                {
                  "name": "56351",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/56351"
                },
                {
                  "name": "ADV-2009-1998",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1998"
                },
                {
                  "name": "35978",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35978"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038755",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038755"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2647",
        "datePublished": "2009-07-30T19:00:00.000Z",
        "dateReserved": "2009-07-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:59:56.342Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3074 (GCVE-0-2006-3074)

    Vulnerability from cvelistv5 – Published: 2006-06-19 10:00 – Updated: 2024-08-07 18:16
    VLAI
    Summary
    klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2006-06-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:16:05.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "kaspersky-klif-dos(27104)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27104"
              },
              {
                "name": "kaspersky-multiple-klif-dos(34875)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34875"
              },
              {
                "name": "18341",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18341"
              },
              {
                "name": "1018257",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018257"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://uninformed.org/index.cgi?v=4\u0026a=4\u0026p=4"
              },
              {
                "name": "ADV-2007-2145",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2145"
              },
              {
                "name": "24491",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24491"
              },
              {
                "name": "ADV-2006-2333",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2333"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kaspersky.com/technews?id=203038695"
              },
              {
                "name": "25603",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25603"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rootkit.com/board.php?did=edge726\u0026closed=0\u0026lastx=15"
              },
              {
                "name": "20070615 Kaspersky Multiple insufficient argument validation of hooked SSDT function Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/471453/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"
              },
              {
                "name": "20629",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/20629"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://uninformed.org/index.cgi?v=4\u0026a=4\u0026p=7"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.rootkit.com/newsread.php?newsid=726"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "kaspersky-klif-dos(27104)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27104"
            },
            {
              "name": "kaspersky-multiple-klif-dos(34875)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34875"
            },
            {
              "name": "18341",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18341"
            },
            {
              "name": "1018257",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018257"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://uninformed.org/index.cgi?v=4\u0026a=4\u0026p=4"
            },
            {
              "name": "ADV-2007-2145",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2145"
            },
            {
              "name": "24491",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24491"
            },
            {
              "name": "ADV-2006-2333",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2333"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kaspersky.com/technews?id=203038695"
            },
            {
              "name": "25603",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25603"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rootkit.com/board.php?did=edge726\u0026closed=0\u0026lastx=15"
            },
            {
              "name": "20070615 Kaspersky Multiple insufficient argument validation of hooked SSDT function Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/471453/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"
            },
            {
              "name": "20629",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/20629"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://uninformed.org/index.cgi?v=4\u0026a=4\u0026p=7"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.rootkit.com/newsread.php?newsid=726"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3074",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "kaspersky-klif-dos(27104)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27104"
                },
                {
                  "name": "kaspersky-multiple-klif-dos(34875)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34875"
                },
                {
                  "name": "18341",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18341"
                },
                {
                  "name": "1018257",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018257"
                },
                {
                  "name": "http://uninformed.org/index.cgi?v=4\u0026a=4\u0026p=4",
                  "refsource": "MISC",
                  "url": "http://uninformed.org/index.cgi?v=4\u0026a=4\u0026p=4"
                },
                {
                  "name": "ADV-2007-2145",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2145"
                },
                {
                  "name": "24491",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24491"
                },
                {
                  "name": "ADV-2006-2333",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2333"
                },
                {
                  "name": "http://www.kaspersky.com/technews?id=203038695",
                  "refsource": "CONFIRM",
                  "url": "http://www.kaspersky.com/technews?id=203038695"
                },
                {
                  "name": "25603",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25603"
                },
                {
                  "name": "http://www.rootkit.com/board.php?did=edge726\u0026closed=0\u0026lastx=15",
                  "refsource": "MISC",
                  "url": "http://www.rootkit.com/board.php?did=edge726\u0026closed=0\u0026lastx=15"
                },
                {
                  "name": "20070615 Kaspersky Multiple insufficient argument validation of hooked SSDT function Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/471453/100/0/threaded"
                },
                {
                  "name": "http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"
                },
                {
                  "name": "20629",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/20629"
                },
                {
                  "name": "http://uninformed.org/index.cgi?v=4\u0026a=4\u0026p=7",
                  "refsource": "MISC",
                  "url": "http://uninformed.org/index.cgi?v=4\u0026a=4\u0026p=7"
                },
                {
                  "name": "http://www.rootkit.com/newsread.php?newsid=726",
                  "refsource": "MISC",
                  "url": "http://www.rootkit.com/newsread.php?newsid=726"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3074",
        "datePublished": "2006-06-19T10:00:00.000Z",
        "dateReserved": "2006-06-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:16:05.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }