vendor:
Kingsoft Antivirus
by:
void[at]ph4nt0m[dot]org
7.5
CVSS
HIGH
Heap Overflow
119
CWE
Product Name: Kingsoft Antivirus
Affected Version From: 2007,12,29,29
Affected Version To: 2007,12,29,29
Patch Exists: NO
Related CWE: N/A
CPE: a:kingsoft:kingsoft_antivirus:2007,12,29,29
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008
KingSoft UpdateOcx2.dll SetUninstallName() Heap Overflow Exploit
A heap overflow vulnerability exists in KingSoft UpdateOcx2.dll, which is part of the Kingsoft Antivirus Online Update Module. The vulnerability is triggered when a specially crafted SetUninstallName() call is made, which can lead to arbitrary code execution. The vulnerable function is Vul_Func() located at 0x10012278.
Mitigation:
No known mitigation is available.