Heap-Based Buffer Overflow in KingSoft Antivirus Update Module
CVE-2008-1307

Currently unrated

Key Information:

Vendor: Kingsoft
Status: Antivirus Online Update Module
Vendor: CVE Published:; 12 March 2008

What is CVE-2008-1307?

A heap-based buffer overflow vulnerability exists in the KUpdateObj2 Class ActiveX control within the UpdateOcx2.dll of KingSoft Antivirus Online Update Module version 2007.12.29.29. This flaw allows remote attackers to execute arbitrary code on affected systems by supplying a lengthy argument to the SetUninstallName method, potentially resulting in unauthorized access or manipulation of the target system.

References

http://secunia.com/advisories/29204

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/28172

vdb-entryx_refsource_BID

https://www.exploit-db.com/exploits/5225

exploitx_refsource_EXPLOIT-DB

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 12, 2008
Vulnerability Reserved
Mar 12, 2008

Kingsoft

What is CVE-2008-1307?

References

EPSS Score

Timeline