CVE-2010-4502

CA Internet Security Suite Plus 2010 - Local Denial of Service and Arbitrary Code Execution via KmxSbx.sys IOCTL

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4502. PoCs published by Nikita Tarakanov.

AI-analyzed exploit summary This exploit targets a kernel pool overflow vulnerability in CA Internet Security Suite 2010's KmxSbx.sys driver via IOCTL 0x88000080. It leverages a miscalculated pool allocation to achieve arbitrary code execution in kernel mode, requiring local access.

Description

Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite Plus 2010 allows local users to cause a denial of service (pool corruption) and execute arbitrary code via crafted arguments to the 0x88000080 IOCTL, which triggers a buffer overflow.

Exploits (1)

exploitdb WORKING POC
by Nikita Tarakanov · textlocalwindows
https://www.exploit-db.com/exploits/15624

This exploit targets a kernel pool overflow vulnerability in CA Internet Security Suite 2010's KmxSbx.sys driver via IOCTL 0x88000080. It leverages a miscalculated pool allocation to achieve arbitrary code execution in kernel mode, requiring local access.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: CA Internet Security Suite 2010 (KmxSbx.sys version 6.2.0.22)
No auth needed
Prerequisites: Local access to the target system · CA Internet Security Suite 2010 installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3070
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1024808
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15624
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42267

Scores

EPSS 0.0116
EPSS Percentile 63.2%

Details

CWE
CWE-189
Status published
Products (1)
ca/internet_security_suite_plus_2010
Published Dec 08, 2010
Tracked Since Feb 18, 2026