VYPR

Internet Security

by Kaspersky Lab

CVEs (24)

  • CVE-2017-12816CriAug 25, 2017
    risk 0.64cvss 9.8epss 0.02

    In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.

  • CVE-2017-12817HigAug 25, 2017
    risk 0.49cvss 7.5epss 0.01

    In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted.

  • CVE-2016-4329MedJan 6, 2017
    risk 0.36cvss 5.5epss 0.01

    A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism.

  • CVE-2016-4307MedJan 6, 2017
    risk 0.36cvss 5.5epss 0.01

    A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. An attacker can run a program…

  • CVE-2016-4305MedJan 6, 2017
    risk 0.36cvss 5.5epss 0.00

    A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program…

  • CVE-2016-4304MedJan 6, 2017
    risk 0.36cvss 5.5epss 0.00

    A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An…

  • CVE-2009-2966Aug 25, 2009
    risk 0.04cvss epss 0.06

    avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters.

  • CVE-2006-3074Jun 19, 2006
    risk 0.04cvss epss 0.07

    klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4)…

  • CVE-2009-4452Dec 29, 2009
    risk 0.03cvss epss 0.01

    Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES…

  • CVE-2007-1881Apr 6, 2007
    risk 0.03cvss epss 0.01

    Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors.

  • CVE-2006-4926Oct 20, 2006
    risk 0.03cvss epss 0.01

    The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp…

  • CVE-2007-0445Apr 6, 2007
    risk 0.01cvss epss 0.09

    Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary…

  • CVE-2019-15689Dec 2, 2019
    risk 0.00cvss epss 0.01

    Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights.…

  • CVE-2019-8286Jul 18, 2019
    risk 0.00cvss epss 0.02

    Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking phishing link). Vulnerability…

  • CVE-2014-5654Sep 9, 2014
    risk 0.00cvss epss 0.00

    The Kaspersky Internet Security (aka com.kms.free) application 11.4.4.232 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2010-5163Aug 25, 2012
    risk 0.00cvss epss 0.00

    Race condition in Kaspersky Internet Security 2010 9.0.0.736 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space…

  • CVE-2009-2647Jul 30, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to "an external script."

  • CVE-2008-5426Dec 11, 2008
    risk 0.00cvss epss 0.01

    Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack…

  • CVE-2008-1518Jun 5, 2008
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call.

  • CVE-2007-5086Sep 26, 2007
    risk 0.00cvss epss 0.00

    Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2)…

Page 1 of 2