Published: 30/11/2009 Updated: 10/10/2018

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

VMScore: 495

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions prior to 9.0.0.736, does not properly validate input to IOCTL 0x0022c008, which allows local users to cause a denial of service (system crash) via IOCTL requests using crafted kernel addresses that trigger memory corruption, possibly related to klavemu.kdl.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kaspersky kaspersky anti-virus 9.0.0.463

#include <stdioh> #include <windowsh> #include <winioctlh> #include <stdlibh> #include <stringh> /* Program : Kaspersky Anti-Virus 2010 900463 Homepage : wwwkasperskycom Discovery : 2009/09/29 Author Contacted : 2009/10/01 Found by : Heurs This Advisory : Heurs Contact : sleberre@sysdreamcom //--- ...

CWE-20 http://www.securitytracker.com/id?1023198 http://www.securityfocus.com/bid/37044 http://secunia.com/advisories/37398 http://www.vupen.com/english/advisories/2009/3286 http://sysdream.com/article.php?story_id=323§ion_id=78 http://osvdb.org/60207 https://exchange.xforce.ibmcloud.com/vulnerabilities/54309 http://www.securityfocus.com/archive/1/507933/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/10164/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-4114

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect