Lucene search

[email protected]CVE-2006-3074

HistoryJun 19, 2006 - 10:02 a.m.

CVE-2006-3074

2006-06-1910:02:00

CWE-119

[email protected]

web.nvd.nist.gov

kaspersky

internet security

anti-virus

cve

2006

3074

ntcreatekey

ntcreateprocess

ntcreateprocessex

ntcreatesection

ntcreatesymboliclinkobject

ntcreatethread

ntdeletevaluekey

ntloadkey2

ntopenkey

ntopenprocess

ntopensection

ntqueryvaluekey

denial of service

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

High

EPSS

0.012

Percentile

85.4%

JSON

klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess.

Affected configurations

NVD

Node

kasperskykaspersky_anti-virusMatch6.0

kasperskykaspersky_anti-virusMatch7.0

kasperskykaspersky_internet_securityMatch6.0

kasperskykaspersky_internet_securityMatch7.0

Node

kasperskykaspersky_anti-virusMatch6.0

AND

microsoftwindows

microsoftwindows_server

VendorProductVersionCPE
kasperskykaspersky_anti-virus6.0cpe:/a:kaspersky:kaspersky_anti-virus:6.0:::
kasperskykaspersky_internet_security7.0cpe:/a:kaspersky:kaspersky_internet_security:7.0:::
kasperskykaspersky_internet_security6.0cpe:/a:kaspersky:kaspersky_internet_security:6.0:::
kasperskykaspersky_anti-virus7.0cpe:/a:kaspersky:kaspersky_anti-virus:7.0:::

Vendor	Product	Version	CPE
kaspersky	kaspersky_anti-virus	6.0	cpe:/a:kaspersky:kaspersky_anti-virus:6.0:::
kaspersky	kaspersky_internet_security	7.0	cpe:/a:kaspersky:kaspersky_internet_security:7.0:::
kaspersky	kaspersky_internet_security	6.0	cpe:/a:kaspersky:kaspersky_internet_security:6.0:::
kaspersky	kaspersky_anti-virus	7.0	cpe:/a:kaspersky:kaspersky_anti-virus:7.0:::

References

secunia.com/advisories/20629

secunia.com/advisories/25603

uninformed.org/index.cgi?v=4&a=4&p=4

uninformed.org/index.cgi?v=4&a=4&p=7

www.kaspersky.com/technews?id=203038695

www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php

www.rootkit.com/board.php?did=edge726&closed=0&lastx=15

www.rootkit.com/newsread.php?newsid=726

www.securityfocus.com/archive/1/471453/100/0/threaded

www.securityfocus.com/bid/18341

www.securityfocus.com/bid/24491

www.securitytracker.com/id?1018257

www.vupen.com/english/advisories/2006/2333

www.vupen.com/english/advisories/2007/2145

exchange.xforce.ibmcloud.com/vulnerabilities/27104

exchange.xforce.ibmcloud.com/vulnerabilities/34875

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

High

EPSS

0.012

Percentile

85.4%

JSON

Related for CVE-2006-3074

nvd2 cvelist2 prion1 cve1