| Vulnerability Name: | CVE-2006-3074 (CCN-27104) | ||||||||
| Assigned: | 2006-06-14 | ||||||||
| Published: | 2006-06-14 | ||||||||
| Updated: | 2018-10-18 | ||||||||
| Summary: | klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-3074 Source: CCN Type: SA20629 Kaspersky Anti-Virus "klif.sys" Denial of Service Vulnerability Source: SECUNIA Type: Vendor Advisory 20629 Source: CCN Type: SA25603 Kaspersky AntiVirus klif.sys Hooked Functions Denial of Service Source: SECUNIA Type: Vendor Advisory 25603 Source: CCN Type: SECTRACK ID: 1018257 Kaspersky Internet Security `klif.sys` Driver Lets Local Users Deny Service Source: CCN Type: Uninformed Web site Kaspersky Internet Security Suite 5.0 Source: MISC Type: UNKNOWN http://uninformed.org/index.cgi?v=4&a=4&p=4 Source: MISC Type: UNKNOWN http://uninformed.org/index.cgi?v=4&a=4&p=7 Source: CCN Type: Kaspersky Lab Web site Kaspersky Antivirus Software Products for Home Computer Security Source: CONFIRM Type: UNKNOWN http://www.kaspersky.com/technews?id=203038695 Source: MISC Type: UNKNOWN http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php Source: CCN Type: OSVDB ID: 37989 Kaspersky Internet Security Multiple Hooked SSDT Functions Local Privilege Escalation Source: CCN Type: OSVDB ID: 41173 Kaspersky Anti-Virus klif.sys Multiple Hooked System Calls Local DoS Source: MISC Type: UNKNOWN http://www.rootkit.com/board.php?did=edge726&closed=0&lastx=15 Source: MISC Type: UNKNOWN http://www.rootkit.com/newsread.php?newsid=726 Source: BUGTRAQ Type: UNKNOWN 20070615 Kaspersky Multiple insufficient argument validation of hooked SSDT function Vulnerability Source: BID Type: UNKNOWN 18341 Source: CCN Type: BID-18341 Kaspersky Internet Security Suite Multiple Local Vulnerabilities Source: BID Type: UNKNOWN 24491 Source: CCN Type: BID-24491 Kaspersky Internet Security 6 SSDT Hooks Multiple Local Vulnerabilities Source: SECTRACK Type: UNKNOWN 1018257 Source: VUPEN Type: Vendor Advisory ADV-2006-2333 Source: VUPEN Type: Vendor Advisory ADV-2007-2145 Source: XF Type: UNKNOWN kaspersky-klif-dos(27104) Source: XF Type: UNKNOWN kaspersky-klif-dos(27104) Source: XF Type: UNKNOWN kaspersky-multiple-klif-dos(34875) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||