Kaspersky Internet Security 6 SSDT Hooks Multiple Local Vulnerabilities
TITLE: Kaspersky Internet Security 6 SSDT Hooks Multiple Local Vulnerabilities
CLASS: Boundary Condition Error
CVE:
REMOTE: No
LOCAL: Yes
PUBLISHED: Jun 15 2007 12:00AM
UPDATE: Jun 15 2007 12:00AM
CREDIT: Matousec Transparent Security Research discovered these vulnerabilities.
VULNERABLE:
Kaspersky Labs Internet Security 6.0.2 .621NOT VULNERABLE:
Kaspersky Labs Internet Security 6.0.2 .614
Vai alla pagina originale su Security Focus
Discussion
Kaspersky Internet Security 6 is prone to multiple local vulnerabilities.
Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.
Kaspersky Internet Security 6.0.2.614 and 6.0.2.621 are vulnerable; other versions may also be affected.
NOTE: These issues may be related to BID 23326 (Kaspersky Internet Security Suite Klif.SYS Drive Local Heap Overflow Vulnerability), but this has not been confirmed. If we find that this BID is a duplicate, we will retire it and merge its information into BID 23326.
Exploit
The following exploit code is available:
Solution
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.
References
References:
- Kaspersky Internet Security Product Page (Kaspersky Labs)
- Kaspersky Multiple insufficient argument validation of hooked SSDT function Vuln (Matousec - Transparent security Research