Kaspersky AntiVirus UPX File Decompression Remote Denial of Service Vulnerability
BID:22795
Info
Kaspersky AntiVirus UPX File Decompression Remote Denial of Service Vulnerability
| Bugtraq ID: | 22795 |
| Class: | Design Error |
| CVE: |
CVE-2007-1281 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 02 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | The discoverer of this issue wishes to remain anonymous. |
| Vulnerable: |
Kaspersky Labs Anti-Virus 6.0 Kaspersky Anti-Virus 5.5.10 |
| Not Vulnerable: | |
Discussion
Kaspersky AntiVirus UPX File Decompression Remote Denial of Service Vulnerability
Kaspersky AntiVirus is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause the application to fall into an infinite loop, denying further service to legitimate users.
This issue affects Kaspersky Labs Antivirus Engine version 6.0.1.411 for Windows and 5.5-10 for Linux.
Kaspersky AntiVirus is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause the application to fall into an infinite loop, denying further service to legitimate users.
This issue affects Kaspersky Labs Antivirus Engine version 6.0.1.411 for Windows and 5.5-10 for Linux.
Exploit / POC
Kaspersky AntiVirus UPX File Decompression Remote Denial of Service Vulnerability
An attacker can exploit this issue by sending a specially crafted UPX file to a vulnerable computer.
An attacker can exploit this issue by sending a specially crafted UPX file to a vulnerable computer.
Solution / Fix
Kaspersky AntiVirus UPX File Decompression Remote Denial of Service Vulnerability
Solution:
On February 7, 2007, the vendor released a fix for this issue via the automatic update system. Please contact the vendor for details.
Solution:
On February 7, 2007, the vendor released a fix for this issue via the automatic update system. Please contact the vendor for details.
References
Kaspersky AntiVirus UPX File Decompression Remote Denial of Service Vulnerability
References:
References:
- Kaspersky Homepage (Kaspersky)