Search criteria
6 vulnerabilities found for kaspersky_antivirus_engine by kaspersky_lab
FKIE_CVE-2007-1281
Vulnerability from fkie_nvd - Published: 2007-03-06 01:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | all_windows | abstract_cpe | |
| kaspersky_lab | kaspersky_antivirus_engine | 6.0.1.411 | |
| linux | linux_kernel | * | |
| kaspersky_lab | kaspersky_antivirus_engine | 5.5.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:all_windows:abstract_cpe:*:*:*:*:*:*:*",
"matchCriteriaId": "595E948E-30B9-4E08-B7A7-73AFD1C29FA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kaspersky_lab:kaspersky_antivirus_engine:6.0.1.411:*:*:*:*:*:*:*",
"matchCriteriaId": "CDEAD0D1-CA5E-4B27-9A36-5614F4FDF4F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:ia32_64-bit:*:*:*:*:*",
"matchCriteriaId": "4F8CD59E-22A6-4B56-8834-B8A18FBC1A7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kaspersky_lab:kaspersky_antivirus_engine:5.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F1FFFF2C-7C8F-42EE-8B37-AAB833112B16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression."
},
{
"lang": "es",
"value": "Kaspersky AntiVirus Engine 6.0.1.411 para Windows y 5.5-10 para Linux permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de CPU) mediante un archivo comprimido con UPX manipulado con un desplazamiento (offset) negativo, lo cual dispara un bucle infinito durante la extracci\u00f3n."
}
],
"id": "CVE-2007-1281",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-06T01:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=485"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24391"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22795"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017718"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0810"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32797"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-0125
Vulnerability from fkie_nvd - Published: 2007-01-09 02:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kaspersky_lab | kaspersky_antivirus_engine | 5.5.10 | |
| kaspersky_lab | kaspersky_antivirus_engine | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kaspersky_lab:kaspersky_antivirus_engine:5.5.10:*:linux:*:*:*:*:*",
"matchCriteriaId": "868D3AE3-C5DB-423F-A04D-1D0AC53E3BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kaspersky_lab:kaspersky_antivirus_engine:6.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "05020E5F-D57F-408E-8D47-7F8A1FDA69EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file."
},
{
"lang": "es",
"value": "Kaspersky Labs Antivirus Engine 6.0 para Windows y 5.5-10 para Linux anterior al 02/01/2007 entran en un bucle infinito tras encontrar un valor NumberOfRvaAndSizes inv\u00e1lido en la Cabecera Opcional de Windows (Optional Windows Header) de un ejecutable port\u00e1til (Portable Executable o PE), lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) con el escaneo de un archivo PE manipulado."
}
],
"id": "CVE-2007-0125",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-09T02:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/32588"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23575"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017476"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21901"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0067"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31315"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/32588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23575"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31315"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2007-1281 (GCVE-0-2007-1281)
Vulnerability from cvelistv5 – Published: 2007-03-06 01:00 – Updated: 2024-08-07 12:50
VLAI?
Summary
Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:35.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24391"
},
{
"name": "kaspersky-upx-dos(32797)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32797"
},
{
"name": "1017718",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017718"
},
{
"name": "22795",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22795"
},
{
"name": "20070302 Kaspersky AntiVirus UPX File Decompression DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=485"
},
{
"name": "ADV-2007-0810",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0810"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24391"
},
{
"name": "kaspersky-upx-dos(32797)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32797"
},
{
"name": "1017718",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017718"
},
{
"name": "22795",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22795"
},
{
"name": "20070302 Kaspersky AntiVirus UPX File Decompression DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=485"
},
{
"name": "ADV-2007-0810",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0810"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24391"
},
{
"name": "kaspersky-upx-dos(32797)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32797"
},
{
"name": "1017718",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017718"
},
{
"name": "22795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22795"
},
{
"name": "20070302 Kaspersky AntiVirus UPX File Decompression DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=485"
},
{
"name": "ADV-2007-0810",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0810"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1281",
"datePublished": "2007-03-06T01:00:00",
"dateReserved": "2007-03-05T00:00:00",
"dateUpdated": "2024-08-07T12:50:35.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0125 (GCVE-0-2007-0125)
Vulnerability from cvelistv5 – Published: 2007-01-09 02:00 – Updated: 2024-08-07 12:03
VLAI?
Summary
Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070105 Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459"
},
{
"name": "kaspersky-antivirus-pe-dos(31315)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31315"
},
{
"name": "23575",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23575"
},
{
"name": "ADV-2007-0067",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0067"
},
{
"name": "32588",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32588"
},
{
"name": "21901",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21901"
},
{
"name": "1017476",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017476"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070105 Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459"
},
{
"name": "kaspersky-antivirus-pe-dos(31315)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31315"
},
{
"name": "23575",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23575"
},
{
"name": "ADV-2007-0067",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0067"
},
{
"name": "32588",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32588"
},
{
"name": "21901",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21901"
},
{
"name": "1017476",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017476"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070105 Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459"
},
{
"name": "kaspersky-antivirus-pe-dos(31315)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31315"
},
{
"name": "23575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23575"
},
{
"name": "ADV-2007-0067",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0067"
},
{
"name": "32588",
"refsource": "OSVDB",
"url": "http://osvdb.org/32588"
},
{
"name": "21901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21901"
},
{
"name": "1017476",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017476"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0125",
"datePublished": "2007-01-09T02:00:00",
"dateReserved": "2007-01-08T00:00:00",
"dateUpdated": "2024-08-07T12:03:37.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1281 (GCVE-0-2007-1281)
Vulnerability from nvd – Published: 2007-03-06 01:00 – Updated: 2024-08-07 12:50
VLAI?
Summary
Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:35.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24391"
},
{
"name": "kaspersky-upx-dos(32797)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32797"
},
{
"name": "1017718",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017718"
},
{
"name": "22795",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22795"
},
{
"name": "20070302 Kaspersky AntiVirus UPX File Decompression DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=485"
},
{
"name": "ADV-2007-0810",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0810"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24391"
},
{
"name": "kaspersky-upx-dos(32797)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32797"
},
{
"name": "1017718",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017718"
},
{
"name": "22795",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22795"
},
{
"name": "20070302 Kaspersky AntiVirus UPX File Decompression DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=485"
},
{
"name": "ADV-2007-0810",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0810"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24391"
},
{
"name": "kaspersky-upx-dos(32797)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32797"
},
{
"name": "1017718",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017718"
},
{
"name": "22795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22795"
},
{
"name": "20070302 Kaspersky AntiVirus UPX File Decompression DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=485"
},
{
"name": "ADV-2007-0810",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0810"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1281",
"datePublished": "2007-03-06T01:00:00",
"dateReserved": "2007-03-05T00:00:00",
"dateUpdated": "2024-08-07T12:50:35.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0125 (GCVE-0-2007-0125)
Vulnerability from nvd – Published: 2007-01-09 02:00 – Updated: 2024-08-07 12:03
VLAI?
Summary
Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070105 Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459"
},
{
"name": "kaspersky-antivirus-pe-dos(31315)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31315"
},
{
"name": "23575",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23575"
},
{
"name": "ADV-2007-0067",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0067"
},
{
"name": "32588",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32588"
},
{
"name": "21901",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21901"
},
{
"name": "1017476",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017476"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070105 Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459"
},
{
"name": "kaspersky-antivirus-pe-dos(31315)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31315"
},
{
"name": "23575",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23575"
},
{
"name": "ADV-2007-0067",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0067"
},
{
"name": "32588",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32588"
},
{
"name": "21901",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21901"
},
{
"name": "1017476",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017476"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070105 Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459"
},
{
"name": "kaspersky-antivirus-pe-dos(31315)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31315"
},
{
"name": "23575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23575"
},
{
"name": "ADV-2007-0067",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0067"
},
{
"name": "32588",
"refsource": "OSVDB",
"url": "http://osvdb.org/32588"
},
{
"name": "21901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21901"
},
{
"name": "1017476",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017476"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0125",
"datePublished": "2007-01-09T02:00:00",
"dateReserved": "2007-01-08T00:00:00",
"dateUpdated": "2024-08-07T12:03:37.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}