Heap Overflow in Kaspersky Anti-Virus Products Due to Integer Overflow in klif.sys
CVE-2007-1880

Currently unrated

Key Information:

Vendor

kaspersky
Status
Kaspersky Anti-virus
Kaspersky Internet Security
Vendor
CVE Published:
6 April 2007

What is CVE-2007-1880?

The vulnerability arises from an integer overflow in the _NtSetValueKey function within klif.sys, affecting Kaspersky Anti-Virus and Internet Security products. This flaw permits an attacker to craft a malicious request with an excessively large, unsigned data size argument. As a result, this can lead to a heap overflow, enabling the execution of arbitrary code. The issue is present in versions prior to Maintenance Pack 2 build 6.0.2.614, potentially exposing users to security risks if unaddressed.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.osvdb.org/33851
vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/23326
vdb-entryx_refsource_BID
http://secunia.com/advisories/24778
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.