Kaspersky Anti-Virus 2010 'kl1.sys' Driver DoS Vulnerability Network Vulnerability

Summary

The host is installed with Kaspersky Anti-Virus 2010 and is prone to Denial of Service vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary code with elevated privileges or cause the kernel to crash. Impact Level: System/Application

Solution

Update to version 9.0.0.736 or later, For updates refer to http://www.kaspersky.com/downloads

Insight

The flaw is due to NULL pointer dereference in 'kl1.sys' driver via a specially-crafted IOCTL 0x0022c008 call.

Affected

Kaspersky Anti-Virus 2010 before 9.0.0.736 on Windows.

References

http://secunia.com/advisories/37398
http://www.securityfocus.com/archive/1/archive/1/507933/100/0/threaded
http://xforce.iss.net/xforce/xfdb/54309

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4114
CVSS Base Score: 4.9
AV:L/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Apple Safari Nested 'object' Tag Remote Denial Of Service vulnerability
Asterisk RTP Text Frames Denial Of Service Vulnerability
ClamAV LZH File Unpacking Denial of Service Vulnerability (Win)
Apache Subversion 'mod_dav_svn' log REPORT Request DoS Vulnerability
Crash SMC AP

Take action and discover your vulnerabilities