← back
CVE-2006-3074

CVE-2006-3074

EPSS 7.1%
klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/30192unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/20629http://secunia.com/advisories/25603https://exchange.xforce.ibmcloud.com/vulnerabilities/27104https://exchange.xforce.ibmcloud.com/vulnerabilities/34875http://uninformed.org/index.cgi?v=4&a=4&p=4http://uninformed.org/index.cgi?v=4&a=4&p=7http://www.kaspersky.com/technews?id=203038695http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.phphttp://www.rootkit.com/board.php?did=edge726&closed=0&lastx=15http://www.rootkit.com/newsread.php?newsid=726http://www.securityfocus.com/archive/1/471453/100/0/threadedhttp://www.securityfocus.com/bid/18341