CVE-2007-1880: LAB Kaspersky Anti-virus vulnerability

3 documents, 3 sources

Severity: 6.6 MEDIUM (NVD)
EPSS: 0.1% (top 77.93%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Apr 6
Latest update: May 1

Description

Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned "data size argument," which results in a heap overflow.

CVSS vector

AV:L/AC:M/C:C/I:C/A:C
Exploitability: 2.7 | Impact: 10.0

Affected Packages: 2 packages

Vulnerability Details (2)

GHSA, 2022-05-01: GHSA-735p-77gm-m958: Integer overflow in the _NtSetValueKey function in klif
CVEList, 2007-04-06: CVE-2007-1880: Integer overflow in the _NtSetValueKey function in klif
CVE-2007-1880 — LAB Kaspersky Anti-virus vulnerability | cvebase