Vulnerability Description
Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kaspersky Lab | Kaspersky Anti-Virus | 5.0.712 |
| Kaspersky Lab | Kaspersky Anti-Virus 2009 | 8.0.0.454 |
| Kaspersky Lab | Kaspersky Anti-Virus 2010 | 9.0.0.463 |
| Kaspersky Lab | Kaspersky Anti-Virus Personal | 5.0 |
| Kaspersky Lab | Kaspersky Internet Security | 7.0.1.325 |
| Kaspersky Lab | Kaspersky Internet Security 2009 | 8.0.0.506 |
| Kaspersky Lab | Kaspersky Internet Security 2010 | 9.0.0.463 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/37398Vendor Advisory
- http://secunia.com/advisories/37730Vendor Advisory
- http://www.exploit-db.com/exploits/10484Exploit
- http://www.securityfocus.com/archive/1/508508/100/0/threaded
- http://www.securitytracker.com/id?1023366
- http://www.securitytracker.com/id?1023367
- http://www.vupen.com/english/advisories/2009/3573Vendor Advisory
- http://secunia.com/advisories/37398Vendor Advisory
- http://secunia.com/advisories/37730Vendor Advisory
- http://www.exploit-db.com/exploits/10484Exploit
- http://www.securityfocus.com/archive/1/508508/100/0/threaded
- http://www.securitytracker.com/id?1023366
- http://www.securitytracker.com/id?1023367
- http://www.vupen.com/english/advisories/2009/3573Vendor Advisory
FAQ
What is CVE-2009-4452?
CVE-2009-4452 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and ...
How severe is CVE-2009-4452?
CVE-2009-4452 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4452?
Check the references section above for vendor advisories and patch information. Affected products include: Kaspersky Lab Kaspersky Anti-Virus, Kaspersky Lab Kaspersky Anti-Virus 2009, Kaspersky Lab Kaspersky Anti-Virus 2010, Kaspersky Lab Kaspersky Anti-Virus Personal, Kaspersky Lab Kaspersky Internet Security.