Stack-Based Buffer Overflow in Kaspersky Anti-Virus and Internet Security Products
CVE-2008-1518

Currently unrated

Key Information:

Vendor: kaspersky
Status: Kaspersky Internet Security; Kaspersky Anti-virus
Vendor: CVE Published:; 5 June 2008

Summary

A stack-based buffer overflow vulnerability in the kl1.sys component of Kaspersky Anti-Virus and Internet Security allows local users to escalate privileges by executing the specific IOCTL call 0x800520e8. This flaw presents a significant risk as it can be exploited by users with local access to gain elevated permissions, potentially compromising the security of systems running affected software versions. Users are advised to update their Kaspersky products to mitigate the risk associated with this vulnerability.

References

http://securitytracker.com/id?1020195

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2008/1739

vdb-entryx_refsource_VUPEN

http://www.kaspersky.com/technews?id=203038727

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 5, 2008
Vulnerability Reserved
Mar 25, 2008