← back
CVE-2006-4926

CVE-2006-4926

EPSS 1.3%
The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp structure with invalid addresses in the 0x80052110 IOCTL.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/2676unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=425http://secunia.com/advisories/22478http://securitytracker.com/id?1017093https://exchange.xforce.ibmcloud.com/vulnerabilities/29677http://www.kaspersky.com/technews?id=203038678http://www.osvdb.org/29891http://www.securityfocus.com/archive/1/449289/100/0/threadedhttp://www.securityfocus.com/archive/1/449301/100/0/threadedhttp://www.securityfocus.com/bid/20635http://www.vupen.com/english/advisories/2006/4117