Main Vulnerability Database SB2017082509

SB2017082509 - Multiple vulnerabilities in Kaspersky Internet Security

Published: August 25, 2017 Updated: August 8, 2020

Security Bulletin ID SB2017082509

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Incorrect permission assignment for critical resource (CVE-ID: CVE-2017-12816)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.

2) Missing Encryption of Sensitive Data (CVE-ID: CVE-2017-12817)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted.

Remediation

Install update from vendor's website.

SB2017082509 - Multiple vulnerabilities in Kaspersky Internet Security

Breakdown by Severity

Description

Remediation

References