Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.1
CVE Id CVE-2007-5086
Last Modified 07 Mar 2011 10:00:03
Published 26 Sep 2007 06:17:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-5086

Summary

Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks. NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1. NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that "it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms."

Vulnerable Systems

Application

  • Kaspersky Lab Kaspersky Anti-virus

  • Kaspersky Lab Kaspersky Internet Security 7.0 Build125


References

VUPEN - ADV-2007-3259

MISC - http://www.rootkit.com/newsread.php?newsid=778

CONFIRM - http://www.kaspersky.com/technews?id=203038706

SECUNIA - 26887

OSVDB - 37990


Last Updated: 27 May 2016 10:46:04