vendor:
Kaspersky Anti-Virus
by:
ShineShadow Security
7.2
CVSS
HIGH
Local Privilege Escalation
264
CWE
Product Name: Kaspersky Anti-Virus
Affected Version From: Kaspersky Anti-Virus 5.0 for Windows Workstations (5.0.712)
Affected Version To: Kaspersky Internet Security 2010 (9.0.0.463)
Patch Exists: Yes
Related CWE: CVE-2009-1512
CPE: 2.3:a:kaspersky_lab:kaspersky_anti-virus
Metasploit:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009
Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability
Insecure permissions have been detected in multiple Kaspersky Lab antivirus products, allowing an unprivileged user to replace some files (for example, executable modules) in the BASES folder with a malicious file and execute arbitrary code with SYSTEM privileges. This is a local privilege escalation vulnerability.
Mitigation:
Kaspersky Lab has released a patch to address this vulnerability. Users should update their software to the latest version.