Vulnerability CVE-2009-3177


Published: 2009-09-11   Modified: 2012-02-13

Description:
Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, (1) "Kaspersky Online Antivirus Scanner 7.0 exploit (Linux)" and (2) "Kaspersky Online Antivirus Scanner 7.0 exploit (Windows)." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Type:

CWE-noinfo

Vendor: Kaspersky
Product: Kaspersky anti-virus scanner 
Version: 7.0;
Product: Kaspersky online scanner 
Version: 7.0;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securitytracker.com/id?1022831
http://www.securityfocus.com/bid/36243
http://secunia.com/advisories/36570
http://intevydis.com/vd-list.shtml

Related CVE
CVE-2019-8286
Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security versions up to 2019 could potentially disclose unique Product ID by forcing victim to visit a specially crafted webpage (for example, via clicking p...
CVE-2018-6291
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1.
CVE-2018-6290
Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1.
CVE-2018-6289
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1.
CVE-2018-6288
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1.
CVE-2017-12823
Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation.
CVE-2017-12817
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted.
CVE-2017-12816
In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.

Copyright 2019, cxsecurity.com

 

Back to Top