Vulnerability CVE-2007-1881

Vulnerability Name:

CVE-2007-1881 (CCN-33605)

Assigned:

2007-04-04

Published:

2007-04-04

Updated:

2011-03-08

Summary:

Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors.

CVSS v3 Severity:

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
5.0 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2007-1881

Source: CCN
Type: SA24778
Kaspersky Products Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
24778

Source: CONFIRM
Type: UNKNOWN
http://www.kaspersky.com/technews?id=203038693

Source: CCN
Type: Kaspersky Anti-Virus and Internet Security Web site
Kaspersky Anti-Virus 6.0, Kaspersky Internet Security 6.0 - 5 vulnerabilities fixed in Maintenance Pack 2.0 build 6.0.2.614

Source: CONFIRM
Type: UNKNOWN
http://www.kaspersky.com/technews?id=203038694

Source: OSVDB
Type: UNKNOWN
33852

Source: CCN
Type: OSVDB ID: 33852
Kaspersky Multiple Products KLIF Local Privilege Escalation

Source: VUPEN
Type: UNKNOWN
ADV-2007-1268

Source: XF
Type: UNKNOWN
kaspersky-klif-privilege-escalation(33605)

Vulnerable Configuration:

Configuration 1:

cpe:/a:kaspersky_lab:kaspersky_anti-virus:6.0:*:*:*:*:*:*:*

OR cpe:/a:kaspersky_lab:kaspersky_anti-virus:*:*:file_servers:*:*:*:*:* (Version <= 6.0)

OR cpe:/a:kaspersky_lab:kaspersky_anti-virus:*:*:workstations:*:*:*:*:* (Version <= 6.0)

OR cpe:/a:kaspersky_lab:kaspersky_internet_security:*:*:*:*:*:*:*:* (Version <= 6.0.1.411)

Configuration CCN 1:

cpe:/a:kaspersky:kaspersky_anti-virus:6.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK