CVE-2009-4452

Kaspersky Anti-Virus <9.0.0.463 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4452. PoCs published by Maxim A. Kulakov.

AI-analyzed exploit summary This is a detailed security advisory describing a local privilege escalation vulnerability in multiple Kaspersky Lab products due to insecure permissions on the BASES folder. An attacker can replace executable modules (e.g., DLLs) to achieve SYSTEM-level code execution upon system restart.

Description

Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Maxim A. Kulakov · textlocalwindows
https://www.exploit-db.com/exploits/10484

This is a detailed security advisory describing a local privilege escalation vulnerability in multiple Kaspersky Lab products due to insecure permissions on the BASES folder. An attacker can replace executable modules (e.g., DLLs) to achieve SYSTEM-level code execution upon system restart.

Classification
Writeup 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Kaspersky Anti-Virus and Internet Security (versions 5.0 to 2010)
Auth required
Prerequisites: Local access to the system · Valid logon credentials · Ability to bypass Kaspersky's self-defense mechanism
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3573
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1023366
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37730
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508508/100/0/threaded
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/10484
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37398
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1023367

Scores

EPSS 0.0082
EPSS Percentile 52.7%

Details

CWE
CWE-264
Status published
Products (12)
kaspersky_lab/kaspersky_anti-virus 5.0.712
kaspersky_lab/kaspersky_anti-virus 6.0.3.837 (2 CPE variants)
kaspersky_lab/kaspersky_anti-virus 7.0.1.325
kaspersky_lab/kaspersky_anti-virus_2009 8.0.0.454
kaspersky_lab/kaspersky_anti-virus_2010 9.0.0.463
kaspersky_lab/kaspersky_anti-virus_personal 5.0
kaspersky_lab/kaspersky_anti-virus_personal 5.0.227
kaspersky_lab/kaspersky_anti-virus_personal 5.0.228
kaspersky_lab/kaspersky_anti-virus_personal 5.0.325
kaspersky_lab/kaspersky_internet_security 7.0.1.325
... and 2 more
Published Dec 29, 2009
Tracked Since Feb 18, 2026