Description
Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse.
Affected products
- Kaspersky Lab / kaspersky_anti-virus5.0.712 – 5.0.712
- Kaspersky Lab / kaspersky_anti-virus6.0.3.837 – 6.0.3.837
- Kaspersky Lab / kaspersky_anti-virus6.0.3.837 – 6.0.3.837
- Kaspersky Lab / kaspersky_anti-virus7.0.1.325 – 7.0.1.325
- Kaspersky Lab / kaspersky_anti-virus_20098.0.0.454 – 8.0.0.454
- Kaspersky Lab / kaspersky_anti-virus_20109.0.0.463 – 9.0.0.463
- Kaspersky Lab / kaspersky_anti-virus_personal5.0 – 5.0
- Kaspersky Lab / kaspersky_anti-virus_personal5.0.227 – 5.0.227
- Kaspersky Lab / kaspersky_anti-virus_personal5.0.228 – 5.0.228
- Kaspersky Lab / kaspersky_anti-virus_personal5.0.325 – 5.0.325
- Kaspersky Lab / kaspersky_internet_security7.0.1.325 – 7.0.1.325
- Kaspersky Lab / kaspersky_internet_security_20098.0.0.506 – 8.0.0.506
- Kaspersky Lab / kaspersky_internet_security_20109.0.0.463 – 9.0.0.463
References
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/3573
- MISChttp://www.securitytracker.com/id?1023366
- VENDOR_ADVISORYhttp://secunia.com/advisories/37730
- MISChttp://www.securityfocus.com/archive/1/508508/100/0/threaded
- EXPLOIThttp://www.exploit-db.com/exploits/10484
- VENDOR_ADVISORYhttp://secunia.com/advisories/37398
- MISChttp://www.securitytracker.com/id?1023367