Buffer Overflow Vulnerability in Kingsoft Antivirus Software
CVE-2010-3396

Currently unrated

Key Information:

Vendor: Kingsoft
Status: Kingsoft Antivirus
Vendor: CVE Published:; 15 September 2010

What is CVE-2010-3396?

A buffer overflow vulnerability exists in the 'kavfm.sys' component of Kingsoft Antivirus versions up to 2010.04.26.648. This flaw allows local users to submit excessively long arguments to the IOCTL 0x80030004 call, potentially enabling them to execute arbitrary code within the context of the affected driver. As a result, unauthorized access and control over the affected system may be achieved, leading to significant security risks.

References

http://www.exploit-db.com/exploits/14987

exploitx_refsource_EXPLOIT-DB

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://secunia.com/advisories/41393

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Sep 15, 2010
Vulnerability Reserved
Sep 15, 2010