Known Vulnerabilities for products from Kaspersky Lab
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Kaspersky Lab".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-15616 | | Not Provided | 2026-03-27 | 2026-03-27 |
| CVE-2009-4452 | Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and ... | 6.8 - MEDIUM | 2009-12-29 | 2018-10-10 |
| CVE-2009-0449 | Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain priv... | 7.2 - HIGH | 2009-02-10 | 2018-10-11 |
| CVE-2008-5426 | Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and ... | 4.3 - MEDIUM | 2008-12-11 | 2018-10-11 |
| CVE-2008-1518 | Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local use... | 7.2 - HIGH | 2008-06-05 | 2017-08-08 |
| CVE-2007-5086 | Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service ... | 2.1 - LOW | 2007-09-26 | 2011-03-08 |
| CVE-2007-5043 | Kaspersky Internet Security 7.0.0.125 does not properly validate certain parameters to System Service Descriptor Table (SSDT)... | 4.4 - MEDIUM | 2007-09-24 | 2018-10-15 |
| CVE-2007-4206 | Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets incorrect permissions for application files in certain upg... | 4.4 - MEDIUM | 2007-08-08 | 2017-07-29 |
| CVE-2007-3906 | Unspecified vulnerability in Kaspersky Anti-Virus for Check Point FireWall-1 before Critical Fix 1 (5.5.161.0) might allow at... | 5 - MEDIUM | 2007-07-19 | 2017-07-29 |
| CVE-2007-3675 | Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Sca... | 9.3 - HIGH | 2007-10-12 | 2017-07-29 |
| CVE-2007-3502 | Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote a... | 7.5 - HIGH | 2007-06-30 | 2017-07-29 |
| CVE-2007-1881 | Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Se... | 6.8 - MEDIUM | 2007-04-06 | 2011-03-08 |
| CVE-2007-1880 | Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus ... | 6.6 - MEDIUM | 2007-04-06 | 2017-07-29 |
| CVE-2007-1879 | The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security... | 9.3 - HIGH | 2007-04-06 | 2017-07-29 |
| CVE-2007-1281 | Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (C... | 7.8 - HIGH | 2007-03-06 | 2017-07-29 |
| CVE-2007-1112 | Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll)... | 10 - HIGH | 2007-04-06 | 2018-10-16 |
| CVE-2007-0445 | Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations... | 10 - HIGH | 2007-04-06 | 2018-10-16 |
| CVE-2007-0125 | Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering... | 5 - MEDIUM | 2007-01-09 | 2017-07-29 |
| CVE-2006-6408 | Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attackers to bypass virus detection by inserting invalid cha... | 5 - MEDIUM | 2006-12-10 | 2018-10-17 |
| CVE-2006-4926 | The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kas... | 7.2 - HIGH | 2006-10-20 | 2018-10-17 |