Local Privilege Escalation in Kaspersky Anti-Virus and Internet Security Products
CVE-2009-4452

Currently unrated

Key Information:

Vendor

kaspersky
Status
Kaspersky Anti-virus Personal
Kaspersky Anti-virus 2009
Kaspersky Anti-virus
Kaspersky Anti-virus 2010
Vendor
CVE Published:
29 December 2009

What is CVE-2009-4452?

The vulnerability exists due to weak permissions set on the BASES directory in Kaspersky Anti-Virus and Internet Security products. This misconfiguration allows local users to gain unauthorized SYSTEM privileges by replacing executable files or DLLs with malicious software. Attackers can exploit these weak permissions to install Trojan horses or execute arbitrary code, jeopardizing the security of the affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.vupen.com/english/advisories/2009/3573
vdb-entryx_refsource_VUPEN
http://www.securitytracker.com/id?1023366
vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/37730
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.