Anfälligkeitssuche        Suche in 191973 CVE Beschreibungen
und 86218 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.800979
Kategorie:Privilege escalation
Titel:Kaspersky Products Privilege Escalation Vulnerability
Zusammenfassung:This host is installed with Kaspersky Products and is prone; to Privilege Escalation vulnerability.
Beschreibung:Summary:
This host is installed with Kaspersky Products and is prone
to Privilege Escalation vulnerability.

Vulnerability Insight:
This flaw occurs due to insecure permissions (Everyone/Full Control)
applied on the BASES folder which contains configuration files,
antivirus bases and executable modules.

Vulnerability Impact:
Local attackers can exploit this issue to replace some files (.kdl files)
by malicious file (corrupted .dll files) and execute arbitrary code with
SYSTEM privileges.

Affected Software/OS:
Kaspersky Anti-Virus 7, 2009, 2009 prior to 9.0.0.736
Kaspersky Internet Security 7, 2009, 2009 prior to 9.0.0.736
Kaspersky Anti-Virus 5.0, 6.0 for Windows Workstations prior to 6.0.4.1212
Kaspersky Anti-Virus 6.0 for Windows File Servers prior to 6.0.4.1212

Solution:
Upgrade to latest version of appropriate product,
Kaspersky Anti-Virus/Internet Security 2009 (9.0.0.736)
Kaspersky Anti-Virus for Windows Workstations/File Servers 6.0 (6.0.4.1212)

CVSS Score:
6.8

CVSS Vector:
AV:L/AC:L/Au:S/C:C/I:C/A:C

Querverweis: BugTraq ID: 37354
Common Vulnerability Exposure (CVE) ID: CVE-2009-4452
Bugtraq: 20091216 Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/508508/100/0/threaded
http://www.exploit-db.com/exploits/10484
http://www.securitytracker.com/id?1023366
http://www.securitytracker.com/id?1023367
http://secunia.com/advisories/37398
http://secunia.com/advisories/37730
http://www.vupen.com/english/advisories/2009/3573
CopyrightCopyright (C) 2010 Greenbone Networks GmbH

Dies ist nur einer von 86218 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.