Heap-Based Buffer Overflow in Kaspersky Antivirus Products
CVE-2007-0445

Currently unrated

Key Information:

Vendor: kaspersky
Status: Kaspersky Anti-virus; Kaspersky Internet Security
Vendor: CVE Published:; 6 April 2007

Summary

A heap-based buffer overflow vulnerability exists in the arj.ppl module of the OnDemand Scanner in Kaspersky Anti-Virus and related products prior to Maintenance Pack 2 build 6.0.2.614. This flaw allows remote attackers to execute arbitrary code on affected systems by exploiting crafted ARJ archive files. A successful attack could lead to severe data breaches or system compromise, making it essential for users of these affected Kaspersky products to apply relevant updates and patches swiftly to mitigate potential risks.

References

http://www.zerodayinitiative.com/advisories/ZDI-07-013.html

x_refsource_MISC

http://secunia.com/advisories/24778

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id?1017882

vdb-entryx_refsource_SECTRACK

EPSS Score

19% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 6, 2007
Vulnerability Reserved
Jan 23, 2007