CVE-2009-2966

Kaspersky Anti-virus - Resource Management Error

Title source: rule

Description

avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Prakhar Prasad · htmldoswindows

https://www.exploit-db.com/exploits/9537

View Code ZIP pw:eip

References (9)

[Exploit] http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0252.html

[Vendor Advisory] http://secunia.com/advisories/36405

[Exploit] http://securityreason.com/achievement_securityalert/66

[Various Sources] http://www.h-online.com/security/Kaspersky-confirm-and-close-DoS-vulnerability--/news/114077

[Third Party Advisory, VDB Entry] http://www.osvdb.org/57173

[Exploit] http://www.securityfocus.com/bid/36084

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/52571

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1022754

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1022755

Scores

EPSS 0.0928

EPSS Percentile 92.8%

Details

CWE

CWE-399

Status published

Products (2)

kaspersky/kaspersky_anti-virus 9.0.0.463

kaspersky/kaspersky_internet_security 9.0.0.459

Published Aug 25, 2009

Tracked Since Feb 18, 2026