Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0449 β€” Improper Restriction of Operations within the Bounds of a Memory Buffer in LAB Kaspersky Anti-virus

CWE-119 β€” Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
7.2HIGHNVD
EPSS
0.3%
top 45.18%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Kaspersky LAB Kaspersky Anti-virus
Timeline
PublishedFeb 10
Latest updateMay 2

Description

Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
GHSA
GHSA-v9pr-44cq-49hh: Buffer overflow in klim5β†—2022-05-02
β–Ά
CVEList
CVE-2009-0449: Buffer overflow in klim5β†—2009-02-05
β–Ά

πŸ’₯Exploits & PoCs

1
Exploit-DB
Kaspersky (Multiple Products) - 'klim5.sys' Local Privilege Escalation↗2009-02-02
β–Ά

πŸ’¬Community

1
Bugzilla
CVE-2009-1313 Firefox crash in nsTextFrame::ClearTextRun()β†—2009-04-23
β–Ά
CVE-2009-0449 β€” LAB Kaspersky Anti-virus vulnerability | cvebase