Búsqueda de    
Vulnerabilidad   
    Buscar 191973 Descripciones CVE y
86218 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.800979
Categoría:Privilege escalation
Título:Kaspersky Products Privilege Escalation Vulnerability
Resumen:This host is installed with Kaspersky Products and is prone; to Privilege Escalation vulnerability.
Descripción:Summary:
This host is installed with Kaspersky Products and is prone
to Privilege Escalation vulnerability.

Vulnerability Insight:
This flaw occurs due to insecure permissions (Everyone/Full Control)
applied on the BASES folder which contains configuration files,
antivirus bases and executable modules.

Vulnerability Impact:
Local attackers can exploit this issue to replace some files (.kdl files)
by malicious file (corrupted .dll files) and execute arbitrary code with
SYSTEM privileges.

Affected Software/OS:
Kaspersky Anti-Virus 7, 2009, 2009 prior to 9.0.0.736
Kaspersky Internet Security 7, 2009, 2009 prior to 9.0.0.736
Kaspersky Anti-Virus 5.0, 6.0 for Windows Workstations prior to 6.0.4.1212
Kaspersky Anti-Virus 6.0 for Windows File Servers prior to 6.0.4.1212

Solution:
Upgrade to latest version of appropriate product,
Kaspersky Anti-Virus/Internet Security 2009 (9.0.0.736)
Kaspersky Anti-Virus for Windows Workstations/File Servers 6.0 (6.0.4.1212)

CVSS Score:
6.8

CVSS Vector:
AV:L/AC:L/Au:S/C:C/I:C/A:C

Referencia Cruzada: BugTraq ID: 37354
Common Vulnerability Exposure (CVE) ID: CVE-2009-4452
Bugtraq: 20091216 Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/508508/100/0/threaded
http://www.exploit-db.com/exploits/10484
http://www.securitytracker.com/id?1023366
http://www.securitytracker.com/id?1023367
http://secunia.com/advisories/37398
http://secunia.com/advisories/37730
http://www.vupen.com/english/advisories/2009/3573
CopyrightCopyright (C) 2010 Greenbone Networks GmbH

Esta es sólo una de 86218 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2020 E-Soft Inc. Todos los derechos reservados.