Vulnerability Name: | CCN-110265 | ||||||
Published: | 2014-05-02 | ||||||
Updated: | 2014-05-02 | ||||||
Summary: | Kaspersky Internet Security could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free within the prremote.dll. By sending a specially-crafted call_table_ref request to the built-in RPC server, an attacker could exploit this vulnerability to execute arbitrary code on the system. | ||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) 6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
| ||||||
CVSS v2 Severity: | 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: CCN Type: Kaspersky Web site Kaspersky Internet Security Source: XF Type: UNKNOWN kaspersky-internetsecurity-code-exec(110265) Source: CCN Type: ZDI-14-122 Kaspersky Internet Security prremote.dll Use-After-Free Remote Code Execution Vulnerability | ||||||
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
BACK |