Lucene search

K
cve[email protected]CVE-2006-3074
HistoryJun 19, 2006 - 10:02 a.m.

CVE-2006-3074

2006-06-1910:02:00
CWE-119
web.nvd.nist.gov
24
kaspersky
internet security
anti-virus
cve
2006
3074
ntcreatekey
ntcreateprocess
ntcreateprocessex
ntcreatesection
ntcreatesymboliclinkobject
ntcreatethread
ntdeletevaluekey
ntloadkey2
ntopenkey
ntopenprocess
ntopensection
ntqueryvaluekey
denial of service

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.4%

klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess.

Affected configurations

NVD
Node
kasperskykaspersky_anti-virusMatch6.0
OR
kasperskykaspersky_anti-virusMatch7.0
OR
kasperskykaspersky_internet_securityMatch6.0
OR
kasperskykaspersky_internet_securityMatch7.0
Node
kasperskykaspersky_anti-virusMatch6.0
AND
microsoftwindows
OR
microsoftwindows_server

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.4%

Related for CVE-2006-3074