CVE-2009-0449

Kaspersky Anti-Virus - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0449. PoCs published by Ruben Santamarta.

AI-analyzed exploit summary The provided text describes a local privilege escalation vulnerability in Kaspersky AV products due to inadequate boundary checks, allowing arbitrary code execution with SYSTEM privileges. The writeup references a binary exploit but does not contain actual exploit code.

Description

Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Ruben Santamarta · textlocalwindows
https://www.exploit-db.com/exploits/32771

The provided text describes a local privilege escalation vulnerability in Kaspersky AV products due to inadequate boundary checks, allowing arbitrary code execution with SYSTEM privileges. The writeup references a binary exploit but does not contain actual exploit code.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Theoretical
Target: Kaspersky AV 2008, Kaspersky AV for WorkStations 6.0
Auth required
Prerequisites: Local access to the target system · Presence of vulnerable Kaspersky AV software
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021661
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/500606/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33561
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33788

Scores

EPSS 0.0096
EPSS Percentile 56.8%

Details

CWE
CWE-119
Status published
Products (2)
kaspersky_lab/kaspersky_anti-virus 6.0
kaspersky_lab/kaspersky_anti-virus 2008
Published Feb 10, 2009
Tracked Since Feb 18, 2026