Kaspersky Lab Kaspersky Anti-virus — known CVE vulnerabilities
Every CVE whose affected-product data names Kaspersky Lab Kaspersky Anti-virus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2007-0445 — CVSS 10.0 (critical): Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and…
CVE-2007-1112 — CVSS 10.0 (critical): Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b)…
CVE-2005-3142 — CVSS 10.0 (critical): Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and Kaspersky Personal Security Suite 1.1 allows remote attackers to execute…
CVE-2007-1879 — CVSS 9.3 (critical): The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before…
CVE-2006-1091 — CVSS 7.8 (high): Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via unknown attack…
CVE-2004-0935 — CVSS 7.5 (high): Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both…
CVE-2004-0936 — CVSS 7.5 (high): RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero…
CVE-2004-0937 — CVSS 7.5 (high): Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass…
CVE-2004-1096 — CVSS 7.5 (high): Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus…
CVE-2004-0932 — CVSS 7.5 (high): McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote…
CVE-2004-0933 — CVSS 7.5 (high): Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure…
CVE-2005-3664 — CVSS 7.5 (high): Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux…
CVE-2004-0934 — CVSS 7.5 (high): Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to…
CVE-2006-4926 — CVSS 7.2 (high): The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs…
CVE-2009-0449 — CVSS 7.2 (high): Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an…
CVE-2005-1905 — CVSS 7.2 (high): The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and 5.0.335 on Windows 2000 allows local users to gain privileges by…
CVE-2008-1518 — CVSS 7.2 (high): Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain…
CVE-2005-3663 — CVSS 7.2 (high): Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 might allow local users to gain privileges via a malicious…
CVE-2007-1881 — CVSS 6.8 (medium): Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and…
CVE-2007-1880 — CVSS 6.6 (medium): Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File…
CVE-2005-3376 — CVSS 5.1 (medium): Multiple interpretation error in Kaspersky 5.0.372 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML…
CVE-2005-3210 — CVSS 5.1 (medium): Multiple interpretation error in unspecified versions of Kaspersky Antivirus allows remote attackers to bypass virus detection via a…
CVE-2006-6408 — CVSS 5.0 (medium): Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attackers to bypass virus detection by inserting invalid characters into…
CVE-2003-1444 — CVSS 4.4 (medium): Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial of service (CPU consumption or crash) and prevent malicious code…
CVE-2003-1443 — CVSS 4.4 (medium): Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files with MS-DOS device names in their filenames, which allows local users to…
CVE-2005-2582 — CVSS 3.6 (low): Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) log and (2) license directory, which…
CVE-2007-5086 — CVSS 2.1 (low): Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor…