// For flags

CVE-2006-3074

Kaspersky Internet Security 6.0 - SSDT Hooks Multiple Local Vulnerabilities

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess.

klif.sys en Kaspersky Internet Security v6.0 y v7.0, Kaspersky Anti-Virus (KAV) v6.0 y v7.0, KAV v6.0 para Windows Workstations, y KAV v6.0 para Windows Servers no validan de forma adecuada ciertos parámetros de llamadas al sistema "enganchadas" sobre (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, y (12) NtQueryValueKey, lo que permite a usuarios locales provocar una denegación de servicio (reinicio) a través de un parámetro inválido, como se demostró con el parámetro ClientId sobre NtOpenProcess.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-06-19 CVE Reserved
  • 2006-06-19 CVE Published
  • 2007-06-15 First Exploit
  • 2024-05-09 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Kaspersky
Search vendor "Kaspersky"
Kaspersky Anti-virus
Search vendor "Kaspersky" for product "Kaspersky Anti-virus"
6.0
Search vendor "Kaspersky" for product "Kaspersky Anti-virus" and version "6.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Kaspersky
Search vendor "Kaspersky"
Kaspersky Anti-virus
Search vendor "Kaspersky" for product "Kaspersky Anti-virus"
6.0
Search vendor "Kaspersky" for product "Kaspersky Anti-virus" and version "6.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server
Search vendor "Microsoft" for product "Windows Server"
*-
Safe
Kaspersky
Search vendor "Kaspersky"
Kaspersky Anti-virus
Search vendor "Kaspersky" for product "Kaspersky Anti-virus"
6.0
Search vendor "Kaspersky" for product "Kaspersky Anti-virus" and version "6.0"
-
Affected
Kaspersky
Search vendor "Kaspersky"
Kaspersky Anti-virus
Search vendor "Kaspersky" for product "Kaspersky Anti-virus"
7.0
Search vendor "Kaspersky" for product "Kaspersky Anti-virus" and version "7.0"
-
Affected
Kaspersky
Search vendor "Kaspersky"
Kaspersky Internet Security
Search vendor "Kaspersky" for product "Kaspersky Internet Security"
6.0
Search vendor "Kaspersky" for product "Kaspersky Internet Security" and version "6.0"
-
Affected
Kaspersky
Search vendor "Kaspersky"
Kaspersky Internet Security
Search vendor "Kaspersky" for product "Kaspersky Internet Security"
7.0
Search vendor "Kaspersky" for product "Kaspersky Internet Security" and version "7.0"
-
Affected