Kaspersky Products Privilege Escalation Vulnerability

Summary
This host is installed with Kaspersky Products and is prone to Privilege Escalation vulnerability.
Impact
Local attackers can exploit this issue to replace some files (.kdl files) by malicious file (corrupted .dll files) and execute arbitrary code with SYSTEM privileges. Impact Level: System/Application
Solution
Upgrade to latest version of appropriate product, Kaspersky Anti-Virus/Internet Security 2009 (9.0.0.736) Kaspersky Anti-Virus for Windows Workstations/File Servers 6.0 (6.0.4.1212) For Updates, Refer http://www.kaspersky.com/productupdates
Insight
This flaw occurs due to insecure permissions (Everyone/Full Control) applied on the BASES folder which contains configuration files, antivirus bases and executable modules.
Affected
Kaspersky Anti-Virus 7, 2009, 2009 prior to 9.0.0.736 Kaspersky Internet Security 7, 2009, 2009 prior to 9.0.0.736 Kaspersky Anti-Virus 5.0, 6.0 for Windows Workstations prior to 6.0.4.1212 Kaspersky Anti-Virus 6.0 for Windows File Servers prior to 6.0.4.1212
References