Lucene search

[email protected]CVE-2016-4305

HistoryJan 06, 2017 - 9:59 p.m.

CVE-2016-4305

2017-01-0621:59:01

CWE-284

[email protected]

web.nvd.nist.gov

cve-2016-4305

denial of service

kaspersky

klif driver

syscall filtering

access violation

vulnerability

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to trigger this vulnerability.

Affected configurations

NVD

Node

kasperskyinternet_securityMatch16.0.0

CPENameOperatorVersion
kaspersky:internet_securitykaspersky internet securityeq16.0.0

CPE	Name	Operator	Version
kaspersky:internet_security	kaspersky internet security	eq	16.0.0

CNA Affected

[
  {
    "product": "Internet Security",
    "vendor": "Kaspersky",
    "versions": [
      {
        "status": "affected",
        "version": "16.0.0, KLIF driver version 10.0.0.1532"
      }
    ]
  }
]