KLA10945 Information leak and denial of service vulnerabilities in Kaspersky products

Multiple serious vulnerabilities have been found in Kaspersky products. Malicious users can exploit these vulnerabilities to cause denial of service or obtain sensitive information.

Below is a complete list of vulnerabilities:

1. Multiple information leaks in different IOCTL handlers of Kaspersky Internet Security KLDISK driver can be exploited locally via a specially designed IOCTL requests to return out-of-bounds kernel memory and possibly obtain sensitive information as a result;
2. Vulnerabilities in syscall filtering functionality of Kaspersky Internet Security KLIF driver can be expoited locally via a specially designed native api call to cause an access violation resulting in a denial of service.

Technical details

All vulnerabilities can be exploited only in case machine already contains a malicious program.

Original advisories

Kaspersky Lab Advisory

Related products

Kaspersky-Internet-Security

Kaspersky-Anti-Virus

CVE list

CVE-2016-4306 warning

CVE-2016-4305 warning

CVE-2016-4304 warning

Solution

Update to the latest versionsDownload Kaspersky Internet SecurityDownload Kaspersky Anti-Virus

Download Kaspersky Total Security

Impacts

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

• Kaspersky Internet Security 2016 (16.0.0.614) Kaspersky Anti-Virus 2016 (16.0.0.614) Kaspersky Total Security 2016 (16.0.0.614)