Internet Security
CVEs (24)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12816 | Cri | 0.64 | 9.8 | 0.02 | Aug 25, 2017 | In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. | ||
| CVE-2017-12817 | Hig | 0.49 | 7.5 | 0.01 | Aug 25, 2017 | In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. | ||
| CVE-2016-4329 | Med | 0.36 | 5.5 | 0.01 | Jan 6, 2017 | A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism. | ||
| CVE-2016-4307 | Med | 0.36 | 5.5 | 0.01 | Jan 6, 2017 | A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. An attacker can run a program… | ||
| CVE-2016-4305 | Med | 0.36 | 5.5 | 0.00 | Jan 6, 2017 | A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program… | ||
| CVE-2016-4304 | Med | 0.36 | 5.5 | 0.00 | Jan 6, 2017 | A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An… | ||
| CVE-2009-2966 | 0.04 | — | 0.06 | Aug 25, 2009 | avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters. | |||
| CVE-2006-3074 | 0.04 | — | 0.07 | Jun 19, 2006 | klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4)… | |||
| CVE-2009-4452 | 0.03 | — | 0.01 | Dec 29, 2009 | Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES… | |||
| CVE-2007-1881 | 0.03 | — | 0.01 | Apr 6, 2007 | Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors. | |||
| CVE-2006-4926 | 0.03 | — | 0.01 | Oct 20, 2006 | The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp… | |||
| CVE-2007-0445 | 0.01 | — | 0.09 | Apr 6, 2007 | Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary… | |||
| CVE-2019-15689 | 0.00 | — | 0.01 | Dec 2, 2019 | Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights.… | |||
| CVE-2019-8286 | 0.00 | — | 0.02 | Jul 18, 2019 | Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability… | |||
| CVE-2014-5654 | 0.00 | — | 0.00 | Sep 9, 2014 | The Kaspersky Internet Security (aka com.kms.free) application 11.4.4.232 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||
| CVE-2010-5163 | 0.00 | — | 0.00 | Aug 25, 2012 | Race condition in Kaspersky Internet Security 2010 9.0.0.736 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space… | |||
| CVE-2009-2647 | 0.00 | — | 0.02 | Jul 30, 2009 | Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to "an external script." | |||
| CVE-2008-5426 | 0.00 | — | 0.01 | Dec 11, 2008 | Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack… | |||
| CVE-2008-1518 | 0.00 | — | 0.00 | Jun 5, 2008 | Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call. | |||
| CVE-2007-5086 | 0.00 | — | 0.00 | Sep 26, 2007 | Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2)… |
- risk 0.64cvss 9.8epss 0.02
In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.
- risk 0.49cvss 7.5epss 0.01
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted.
- risk 0.36cvss 5.5epss 0.01
A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism.
- risk 0.36cvss 5.5epss 0.01
A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. An attacker can run a program…
- risk 0.36cvss 5.5epss 0.00
A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program…
- risk 0.36cvss 5.5epss 0.00
A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An…
- CVE-2009-2966Aug 25, 2009risk 0.04cvss —epss 0.06
avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters.
- CVE-2006-3074Jun 19, 2006risk 0.04cvss —epss 0.07
klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4)…
- CVE-2009-4452Dec 29, 2009risk 0.03cvss —epss 0.01
Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES…
- CVE-2007-1881Apr 6, 2007risk 0.03cvss —epss 0.01
Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors.
- CVE-2006-4926Oct 20, 2006risk 0.03cvss —epss 0.01
The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp…
- CVE-2007-0445Apr 6, 2007risk 0.01cvss —epss 0.09
Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary…
- CVE-2019-15689Dec 2, 2019risk 0.00cvss —epss 0.01
Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights.…
- CVE-2019-8286Jul 18, 2019risk 0.00cvss —epss 0.02
Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability…
- CVE-2014-5654Sep 9, 2014risk 0.00cvss —epss 0.00
The Kaspersky Internet Security (aka com.kms.free) application 11.4.4.232 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- CVE-2010-5163Aug 25, 2012risk 0.00cvss —epss 0.00
Race condition in Kaspersky Internet Security 2010 9.0.0.736 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space…
- CVE-2009-2647Jul 30, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to "an external script."
- CVE-2008-5426Dec 11, 2008risk 0.00cvss —epss 0.01
Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack…
- CVE-2008-1518Jun 5, 2008risk 0.00cvss —epss 0.00
Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call.
- CVE-2007-5086Sep 26, 2007risk 0.00cvss —epss 0.00
Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2)…
Page 1 of 2