CVE-2007-0125 - Vulnerability Details - OpenCVE

Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kaspersky Lab	Kaspersky Antivirus Engine

Configuration 1 [-]

OR	cpe:2.3:a:kaspersky_lab:kaspersky_antivirus_engine:5.5.10::linux:::::
	cpe:2.3:a:kaspersky_lab:kaspersky_antivirus_engine:6.0::windows:::::

No data.

References

Link	Providers
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459
http://osvdb.org/32588
http://secunia.com/advisories/23575
http://securitytracker.com/id?1017476
http://www.securityfocus.com/bid/21901
http://www.vupen.com/english/advisories/2007/0067
https://exchange.xforce.ibmcloud.com/vulnerabilities/31315

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-09T02:00:00

Updated: 2024-08-07T12:03:37.323Z

Reserved: 2007-01-08T00:00:00

Link: CVE-2007-0125

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-01-09T02:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0125

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-05T00:00:00", "descriptions": [{"lang": "en", "value": "Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070105 Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459"}, {"name": "kaspersky-antivirus-pe-dos(31315)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31315"}, {"name": "23575", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23575"}, {"name": "ADV-2007-0067", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0067"}, {"name": "32588", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32588"}, {"name": "21901", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21901"}, {"name": "1017476", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017476"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0125", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070105 Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459"}, {"name": "kaspersky-antivirus-pe-dos(31315)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31315"}, {"name": "23575", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23575"}, {"name": "ADV-2007-0067", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0067"}, {"name": "32588", "refsource": "OSVDB", "url": "http://osvdb.org/32588"}, {"name": "21901", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21901"}, {"name": "1017476", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017476"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:03:37.323Z"}, "title": "CVE Program Container", "references": [{"name": "20070105 Kaspersky Antivirus Scan Engine PE File Denial of Service Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459"}, {"name": "kaspersky-antivirus-pe-dos(31315)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31315"}, {"name": "23575", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23575"}, {"name": "ADV-2007-0067", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0067"}, {"name": "32588", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/32588"}, {"name": "21901", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21901"}, {"name": "1017476", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017476"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0125", "datePublished": "2007-01-09T02:00:00", "dateReserved": "2007-01-08T00:00:00", "dateUpdated": "2024-08-07T12:03:37.323Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kaspersky_lab:kaspersky_antivirus_engine:5.5.10:*:linux:*:*:*:*:*", "matchCriteriaId": "868D3AE3-C5DB-423F-A04D-1D0AC53E3BD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky_lab:kaspersky_antivirus_engine:6.0:*:windows:*:*:*:*:*", "matchCriteriaId": "05020E5F-D57F-408E-8D47-7F8A1FDA69EA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file."}, {"lang": "es", "value": "Kaspersky Labs Antivirus Engine 6.0 para Windows y 5.5-10 para Linux anterior al 02/01/2007 entran en un bucle infinito tras encontrar un valor NumberOfRvaAndSizes inv\u00e1lido en la Cabecera Opcional de Windows (Optional Windows Header) de un ejecutable port\u00e1til (Portable Executable o PE), lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) con el escaneo de un archivo PE manipulado."}], "id": "CVE-2007-0125", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-09T02:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/32588"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23575"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017476"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21901"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0067"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31315"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=459"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32588"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23575"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017476"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21901"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0067"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31315"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}