[Japanese]

JVNDB-2012-000019

Kingsoft Internet Security 2011 vulnerable to denial-of-service

Overview

Kingsoft Internet Security 2011 contains a denial-of-service (DoS) vulnerability.

Kingsoft Internet Security 2011 contains a vulnerability in the device driver, which may result in a denial-of-service (DoS).

Satoshi TANDA of Fourteenforty Research Institute Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 4.9 (Medium) [IPA Score]
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Complete

Affected Products


KINGSOFT, INC.
  • Kingsoft Internet Security 2011

Note that Kingsoft Internet Security 2012 is not affected by this vulnerability.
Impact

An attacker that can login to the system with the software running may cause a denial-of-service (DoS).
Solution

[Update the Software]
Update to the latest version according to the information provided by the developer.

According to the developer, the automatic update which addresses this vulnerability has been provided since February 20, 2012.
Vendor Information

KINGSOFT, INC.
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2012-0321
References

  1. JVN : JVN#31517714
  2. National Vulnerability Database (NVD) : CVE-2012-0321
Revision History

[2012/03/01]
  Web page was published