Local Privilege Escalation in Kaspersky Anti-Virus and Internet Security Products
CVE-2009-4452

Currently unrated

Key Information:

Vendor

kaspersky
Status
Kaspersky Anti-virus Personal
Kaspersky Anti-virus 2009
Kaspersky Anti-virus
Kaspersky Anti-virus 2010
Vendor
CVE Published:
29 December 2009

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2009-4452?

The vulnerability exists due to weak permissions set on the BASES directory in Kaspersky Anti-Virus and Internet Security products. This misconfiguration allows local users to gain unauthorized SYSTEM privileges by replacing executable files or DLLs with malicious software. Attackers can exploit these weak permissions to install Trojan horses or execute arbitrary code, jeopardizing the security of the affected systems.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-4452 - Proof of Concept

References

http://www.vupen.com/english/advisories/2009/3573
vdb-entryx_refsource_VUPEN
http://www.securitytracker.com/id?1023366
vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/37730
third-party-advisoryx_refsource_SECUNIA

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.