CVE-2007-1881

Kaspersky Anti-Virus <6.0.2.614 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1881. PoCs published by MaD.

AI-analyzed exploit summary This exploit targets a local privilege escalation vulnerability in Kaspersky Anti-Virus 6.0 by manipulating the Interrupt Descriptor Table (IDT) to execute shellcode in ring-0. The shellcode creates a file at C:\Hello.txt with the content 'Hello from ring-0! :)'.

Description

Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by MaD · clocalwindows

https://www.exploit-db.com/exploits/3131

View Code ZIP pw:eip

This exploit targets a local privilege escalation vulnerability in Kaspersky Anti-Virus 6.0 by manipulating the Interrupt Descriptor Table (IDT) to execute shellcode in ring-0. The shellcode creates a file at C:\Hello.txt with the content 'Hello from ring-0! :)'.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Kaspersky Anti-Virus 6.0

No auth needed

Prerequisites: Kaspersky Anti-Virus 6.0 installed · Windows 2000 or Windows XP

MITRE ATT&CK