First published: Tue Mar 06 2007
Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Windows | =abstract_cpe | |
Kaspersky Antivirus Engine | =6.0.1.411 | |
Linux kernel | | |
Kaspersky Antivirus Engine | =5.5.10 | |
CVE-2007-1281 has a high severity rating due to its potential to cause denial of service through CPU consumption.
To mitigate CVE-2007-1281, update to a fixed version of Kaspersky AntiVirus Engine that addresses this vulnerability.
CVE-2007-1281 affects Kaspersky AntiVirus Engine versions 6.0.1.411 and 5.5-10.
The impact of CVE-2007-1281 is a denial of service that results from an infinite loop during the decompression of a crafted UPX file.
Yes, CVE-2007-1281 can be exploited remotely, allowing attackers to trigger the denial of service condition.