CVE-2016-4304
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 1
Exploited in Wild: -
Decision
Descriptions
A denial-of-service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native API call request can cause an access violation exception in the KLIF kernel driver, resulting in a local denial of service. An attacker can run a program from user mode to trigger this vulnerability.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2016-04-27 CVE Reserved
- 2017-01-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-284: Improper Access Control
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://securitytracker.com/id/1036702 | Third Party Advisory | |
http://www.securitytracker.com/id/1036702 | Vdb Entry | |
http://www.securitytracker.com/id/1036703 | Vdb Entry | |
URL | Date | SRC |
---|---|---|
http://www.talosintelligence.com/reports/TALOS-2016-0166 | 2024-08-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Kaspersky | Internet Security | 16.0.0 | - | Affected |