Kaspersky Anti-Virus < 6.0.2.614 Multiple Vulnerabilities

critical Nessus Plugin ID 25021

Synopsis

The remote Windows host contains an application that is prone to various issues.

Description

The version of the Kaspersky antivirus product installed on the remote host may be affected by buffer overflow, privilege escalation, and information disclosure vulnerabilities, depending on the actual product installed.

Solution

If using Kaspersky Anti-Virus / Kaspersky Internet Security, upgrade to build 6.0.2.614 or later.

If using Kaspersky Anti-Virus for Windows File Servers / Kaspersky Anti-Virus for Windows Workstation, upgrade to version 6.0 or later.

See Also

http://www.nessus.org/u?8d1fc561

http://www.nessus.org/u?09f76718

https://seclists.org/bugtraq/2007/Apr/104

https://seclists.org/bugtraq/2007/Apr/105

https://www.zerodayinitiative.com/advisories/ZDI-07-013/

https://www.zerodayinitiative.com/advisories/ZDI-07-014/

http://www.nessus.org/u?b44c0d6c

http://www.nessus.org/u?ce1089e5

Plugin Details

Severity: Critical

ID: 25021

File Name: kaspersky_av6_mult_vulns.nasl

Version: 1.21

Type: local

Agent: windows

Family: Windows

Published: 4/10/2007

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:kaspersky_lab:kaspersky_anti-virus

Required KB Items: Antivirus/Kaspersky/installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/4/2007

Vulnerability Publication Date: 4/4/2007

Reference Information

CVE: CVE-2007-0445, CVE-2007-1112, CVE-2007-1879, CVE-2007-1880, CVE-2007-1881

BID: 23325, 23326, 23345, 23346