Unrated severityNVD Advisory· Published Nov 30, 2009· Updated Apr 23, 2026

CVE-2009-4114

Description

kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other versions before 9.0.0.736, does not properly validate input to IOCTL 0x0022c008, which allows local users to cause a denial of service (system crash) via IOCTL requests using crafted kernel addresses that trigger memory corruption, possibly related to klavemu.kdl.

Affected products

Kaspersky/Kaspersky Anti Virus
cpe:2.3:a:kaspersky:kaspersky_anti-virus:9.0.0.463:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sysdream.com/article.phpnvdExploit
www.securityfocus.com/bid/37044nvdExploit
www.securitytracker.com/idnvdExploit
secunia.com/advisories/37398nvdVendor Advisory
www.vupen.com/english/advisories/2009/3286nvdVendor Advisory
osvdb.org/60207nvd
www.securityfocus.com/archive/1/507933/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/54309nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000