Kaspersky Multiple Products 'Bases' Directory Insecure Permissions

This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.


Synopsis :

An antivirus product installed on the remote Windows host has a local
privilege escalation vulnerability.

Description :

The version of either Kaspersky Anti-Virus or Kaspersky Internet
Security installed on the remote host has a local privilege escalation
vulnerability.

The Everyone group has Full Control rights to the 'Bases' directory.
This directory contains antivirus bases, configuration files, and
executable modules used by multiple Kaspersky products.

A local attacker could exploit this to execute arbitrary code with
SYSTEM privileges.

See also :

http://seclists.org/bugtraq/2009/Dec/236

Solution :

Upgrade to one of the following versions :

- Kaspersky Anti-Virus 2010 (9.0.0.736)
- Kaspersky Internet Security 2010 (9.0.0.736)
- Kaspersky Anti-Virus 6.0 for Windows Workstations
(6.0.4.1212)
- Kaspersky Anti-Virus 6.0 for Windows File Servers
(6.0.4.1212)

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 43814 ()

Bugtraq ID: 37354

CVE ID: CVE-2009-4452

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now