Input Validation Flaw in Kaspersky Anti-Virus Software
CVE-2009-4114

Currently unrated

Key Information:

Vendor: Kaspersky
CVE Published: 30 November 2009

Summary

The kl1.sys driver in Kaspersky Anti-Virus 2010, and potentially earlier versions, does not properly validate input to IOCTL request 0x0022c008. A local user can supply crafted kernel addresses in the request, which corrupts memory and crashes the system (denial of service). The issue may be related to the klavemu.kdl component.
