PT-2007-3226 · Kaspersky · Kaspersky Anti-Virus For Workstations+3
Publicado
2007-04-05
·
Atualizado
2017-07-29
·
CVE-2007-1880
CVSS v2.0
6.6
Média
| Vetor | AV:L/AC:M/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Kaspersky Anti-Virus versions prior to 6.0.2.614
Kaspersky Anti-Virus for Workstations versions prior to 6.0.2.614
Kaspersky Anti-Virus for File Server 6.0 versions prior to 6.0.2.614
Kaspersky Internet Security 6.0 versions prior to 6.0.2.614
Description:
The issue is related to an integer overflow in the NtSetValueKey function in klif.sys. This allows context-dependent attackers to execute arbitrary code via a large, unsigned "data size argument," resulting in a heap overflow.
Recommendations:
For Kaspersky Anti-Virus versions prior to 6.0.2.614, update to version 6.0.2.614 or later.
For Kaspersky Anti-Virus for Workstations versions prior to 6.0.2.614, update to version 6.0.2.614 or later.
For Kaspersky Anti-Virus for File Server 6.0 versions prior to 6.0.2.614, update to version 6.0.2.614 or later.
For Kaspersky Internet Security 6.0 versions prior to 6.0.2.614, update to version 6.0.2.614 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Kaspersky Anti-Virus
Kaspersky Anti-Virus For Linux File Server
Kaspersky Anti-Virus For Workstations
Kaspersky Internet Security