Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-4452. PoCs published by Maxim A. Kulakov.
AI-analyzed exploit summary: This is a detailed security advisory describing a local privilege escalation vulnerability in multiple Kaspersky Lab products due to insecure permissions on the BASES folder. An attacker can replace executable modules (e.g., DLLs) to achieve SYSTEM-level code execution upon system restart.
Description
Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463) use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse.
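A defender can audit for this class of misconfiguration by listing allow ACEs that grant write-type rights to broad principals on a directory a privileged service loads code from. The following is an added example, not code from the advisory or from Kaspersky; the function name Find-WeakAce and the path in the usage comment are hypothetical placeholders, since the page does not give the install path.

```powershell
# Added example: report ACEs that let broad, low-privileged principals
# modify files under a directory (e.g. one a SYSTEM service loads modules from).
function Find-WeakAce {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users
        [string[]] $BroadSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')
    )

    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Only the bits that allow changing content or the ACL itself. Composite
    # values such as Modify are avoided because they also contain read bits.
    $writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

    # Some ACEs store generic rights instead of file-specific ones:
    # GENERIC_ALL (0x10000000) | GENERIC_WRITE (0x40000000)
    $genericBits = 0x50000000

    # Check the directory itself and everything beneath it.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Ask for SIDs rather than names so the match is locale-independent.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($BroadSids -notcontains $ace.IdentityReference.Value) { continue }

            $rights = [int]$ace.FileSystemRights
            if (($rights -band $writeBits) -or ($rights -band $genericBits)) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Sid       = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Usage (placeholder path, substitute the product's actual BASES directory):
# Find-WeakAce -Path 'C:\Path\To\Product\Bases' | Format-Table -AutoSize
```

Any row returned for a directory holding executables or DLLs used by a SYSTEM service indicates the condition described above; an empty result means no broad principal has write-type access there.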