CVE-2005-1905

Kaspersky Labs Anti-Virus <5.0.335 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1905. PoCs published by Ilya Rabinovich.

AI-analyzed exploit summary This exploit targets a vulnerability in Kaspersky Anti-Virus (KAV) versions 5.0.227, 5.0.228, and 5.0.335 by injecting shellcode into kernel memory to bypass protection mechanisms. It leverages the klif.sys driver to execute arbitrary code in ring0.

Description

The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and 5.0.335 on Windows 2000 allows local users to gain privileges by modifying certain critical code addresses that are later accessed by privileged programs.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ilya Rabinovich · c++localwindows

https://www.exploit-db.com/exploits/1032

View Code ZIP pw:eip

This exploit targets a vulnerability in Kaspersky Anti-Virus (KAV) versions 5.0.227, 5.0.228, and 5.0.335 by injecting shellcode into kernel memory to bypass protection mechanisms. It leverages the klif.sys driver to execute arbitrary code in ring0.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Kaspersky Anti-Virus 5.0.227, 5.0.228, 5.0.335

No auth needed

Prerequisites: Kaspersky Anti-Virus 5.0.227, 5.0.228, or 5.0.335 installed · Access to the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/13878

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=111817777430401&w=2

Scores

EPSS 0.0015

EPSS Percentile 35.2%

Details

Status published

Products (6)

kaspersky_lab/kaspersky_anti-virus 5.0.227

kaspersky_lab/kaspersky_anti-virus 5.0.228

kaspersky_lab/kaspersky_anti-virus 5.0.335

kaspersky_lab/kaspersky_anti-virus_personal 5.0.227

kaspersky_lab/kaspersky_anti-virus_personal 5.0.228

kaspersky_lab/kaspersky_anti-virus_personal 5.0.325

Published Jun 09, 2005

Tracked Since Feb 18, 2026