CVE-2016-4306

2017-01-0621:00:00

certcc

www.cve.org

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.4%

JSON

Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability.

CNA Affected

[
  {
    "product": "Total Security",
    "vendor": "Kaspersky",
    "versions": [
      {
        "status": "affected",
        "version": "16.0.0.614"
      }
    ]
  }
]