Denial of Service Vulnerability in Kaspersky Labs Antivirus Engine for Windows and Linux
CVE-2007-0125
Currently unrated
Summary
The Kaspersky Labs Antivirus Engine, versions 6.0 for Windows and 5.5-10 for Linux prior to January 2, 2007, contains a vulnerability that triggers an infinite loop when the engine encounters an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file. A remote attacker can exploit this by causing the engine to scan a specially crafted PE file, which exhausts CPU resources and results in a denial of service.
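The bounds checks a PE parser needs on this field, as an added example (not Kaspersky's code and not part of the original advisory): the declared NumberOfRvaAndSizes is capped at the 16 data-directory slots the PE format defines and at what SizeOfOptionalHeader leaves room for, and any mismatch is flagged. The function names and the sample header are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_DIRS   16u   /* IMAGE_NUMBEROF_DIRECTORY_ENTRIES */
#define SAMPLE_LEN 312u  /* 0x40 DOS header + 24 + 224-byte PE32 optional header */
/* Little-endian helpers: read an n-byte field, write a 4-byte field. */
static uint32_t rd(const uint8_t *p, int n) { uint32_t v = 0; while (n--) v = (v << 8) | p[n]; return v; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Directory entries safe to walk (0..16), or -1 if malformed; *odd = declared count was cut. */
int pe_dir_count(const uint8_t *buf, size_t len, int *odd)
{
    *odd = 0;
    if (len < 0x40 || rd(buf, 2) != 0x5A4D) return -1;    /* "MZ" */
    uint32_t pe = rd(buf + 0x3C, 4);                      /* e_lfanew */
    if (pe > len || len - pe < 26) return -1;             /* signature + COFF + Magic */
    if (rd(buf + pe, 4) != 0x00004550) return -1;         /* "PE\0\0" */
    uint32_t opt_size = rd(buf + pe + 20, 2);             /* SizeOfOptionalHeader */
    const uint8_t *opt = buf + pe + 24;
    if (len - pe - 24 < opt_size) return -1;              /* header runs past the file */
    uint32_t magic = rd(opt, 2);
    uint32_t dirs = magic == 0x10B ? 96 : magic == 0x20B ? 112 : 0;  /* PE32 / PE32+ */
    if (dirs == 0 || opt_size < dirs) return -1;
    uint32_t declared = rd(opt + dirs - 4, 4);            /* NumberOfRvaAndSizes */
    uint32_t fit = (opt_size - dirs) / 8;                 /* 8-byte entries that fit */
    uint32_t n = declared < MAX_DIRS ? declared : MAX_DIRS;
    if (n > fit) n = fit;
    *odd = (n != declared);
    return (int)n;
}

/* Constructed sample: minimal PE32 headers, no sections, caller-chosen count. */
size_t make_sample(uint8_t *buf, uint32_t count)
{
    memset(buf, 0, SAMPLE_LEN);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3C, 0x40);              /* e_lfanew */
    wr32(buf + 0x40, 0x00004550);        /* "PE\0\0" */
    buf[0x40 + 20] = 224;                /* SizeOfOptionalHeader = 96 + 16 * 8 */
    buf[0x58] = 0x0B; buf[0x59] = 0x01;  /* Magic = 0x10B (PE32) */
    wr32(buf + 0x58 + 92, count);        /* NumberOfRvaAndSizes */
    return SAMPLE_LEN;
}

int main(void)
{
    uint8_t b[SAMPLE_LEN]; int odd;
    printf("walk %d directories\n", pe_dir_count(b, make_sample(b, 0xFFFFFFFFu), &odd));
}
```

Any loop over the data directories then runs on the returned count, never on the raw header field.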
References
Timeline
Vulnerability published
Vulnerability Reserved