ID de Prueba:	1.3.6.1.4.1.25623.1.0.800979
Categoría:	Privilege escalation
Título:	Kaspersky Products Privilege Escalation Vulnerability
Resumen:	Kaspersky Products is prone to a privilege escalation vulnerability.
Descripción:	Summary: Kaspersky Products is prone to a privilege escalation vulnerability. Vulnerability Insight: This flaw occurs due to insecure permissions (Everyone/Full Control) applied on the BASES folder which contains configuration files, antivirus bases and executable modules. Vulnerability Impact: Local attackers can exploit this issue to replace some files (.kdl files) by malicious file (corrupted .dll files) and execute arbitrary code with SYSTEM privileges. Affected Software/OS: Kaspersky Anti-Virus 7, 2009, 2009 prior to 9.0.0.736 Kaspersky Internet Security 7, 2009, 2009 prior to 9.0.0.736 Kaspersky Anti-Virus 5.0, 6.0 for Windows Workstations prior to 6.0.4.1212 Kaspersky Anti-Virus 6.0 for Windows File Servers prior to 6.0.4.1212 Solution: Upgrade to latest version of appropriate product, Kaspersky Anti-Virus/Internet Security 2009 (9.0.0.736) Kaspersky Anti-Virus for Windows Workstations/File Servers 6.0 (6.0.4.1212) CVSS Score: 6.8 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4452 Bugtraq: 20091216 Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability (Google Search) http://www.securityfocus.com/archive/1/508508/100/0/threaded http://www.exploit-db.com/exploits/10484 http://www.securitytracker.com/id?1023366 http://www.securitytracker.com/id?1023367 http://secunia.com/advisories/37398 http://secunia.com/advisories/37730 http://www.vupen.com/english/advisories/2009/3573
Copyright	Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.