Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3074

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-3074
Last Modified 11 Oct 2011 12:00:00
Published 19 Jun 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3074

Summary

klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess.

Vulnerable Systems

Application

  • Kaspersky Anti-virus 6.0

  • Kaspersky Anti-virus 7.0

  • Kaspersky Internet Security 6.0

  • Kaspersky Internet Security 7.0


References

XF - kaspersky-multiple-klif-dos(34875)

XF - kaspersky-klif-dos(27104)

VUPEN - ADV-2007-2145

VUPEN - ADV-2006-2333

SECTRACK - 1018257

BID - 24491

BID - 18341

BUGTRAQ - 20070615 Kaspersky Multiple insufficient argument validation of hooked SSDT function Vulnerability

MISC - http://www.rootkit.com/newsread.php?newsid=726

MISC - http://www.rootkit.com/board.php?did=edge726&closed=0&lastx=15

MISC - http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php

CONFIRM - http://www.kaspersky.com/technews?id=203038695

MISC - http://uninformed.org/index.cgi?v=4&a=4&p=7

MISC - http://uninformed.org/index.cgi?v=4&a=4&p=4

SECUNIA - 25603

SECUNIA - 20629


Last Updated: 27 May 2016 10:42:52