CVE-2007-0445 — Improper Restriction of Operations within the Bounds of a Memory Buffer in LAB Kaspersky Internet Security

4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

20.3%

top 4.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kaspersky LAB Kaspersky Internet Security Kaspersky LAB Kaspersky Anti-virus

Timeline

PublishedApr 6

Latest updateMay 1

Description

Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDkaspersky_lab/kaspersky_anti-virus6.0

▶NVDkaspersky_lab/kaspersky_internet_security6.0

Patches

Patch: secunia.com ↗Patch: www.kaspersky.com ↗Patch: www.kaspersky.com ↗

🔴Vulnerability Details

GHSA

GHSA-xrhm-4gj9-6xfq: Heap-based buffer overflow in the arj↗2022-05-01

▶

CVEList

CVE-2007-0445: Heap-based buffer overflow in the arj↗2007-04-06

▶

💥Exploits & PoCs

Exploit-DB

Apple Mac OSX - 'mount_smbfs' Local Stack Buffer Overflow↗2007-12-19

▶