Summary
Kaspersky Anti-Virus 2010 is installed on the host and is prone to a denial-of-service vulnerability.
Impact
Successful exploitation will allow an attacker to execute arbitrary code with elevated privileges or cause the kernel to crash.
Impact Level: System/Application
Solution
Update to version 9.0.0.736 or later.
For updates, refer to http://www.kaspersky.com/downloads
Insight
The flaw is due to a NULL pointer dereference in the 'kl1.sys' driver, triggered via a specially crafted IOCTL 0x0022c008 call.
Affected
Kaspersky Anti-Virus 2010 before 9.0.0.736 on Windows.
References
Severity
Classification
- CVE: CVE-2009-4114
- CVSS Base Score: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- ClamAV Recursion Level Handling Denial of Service Vulnerability (Windows)
- ClamAV 'parseicon()' Denial Of Service Vulnerability
- Apple Safari Denial of Service Vulnerability (Win) - Apr09
- COWON Media Center JetAudio .wav File Denial Of Service Vulnerability
- Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Linux)