Vulnerability Description
klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kaspersky | Kaspersky Anti-Virus | 6.0 |
| Kaspersky | Kaspersky Internet Security | 6.0 |
| Microsoft | Windows | All versions |
| Microsoft | Windows Server | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/20629Vendor Advisory
- http://secunia.com/advisories/25603Vendor Advisory
- http://uninformed.org/index.cgi?v=4&a=4&p=4
- http://uninformed.org/index.cgi?v=4&a=4&p=7
- http://www.kaspersky.com/technews?id=203038695
- http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument
- http://www.rootkit.com/board.php?did=edge726&closed=0&lastx=15
- http://www.rootkit.com/newsread.php?newsid=726
- http://www.securityfocus.com/archive/1/471453/100/0/threaded
- http://www.securityfocus.com/bid/18341
- http://www.securityfocus.com/bid/24491
- http://www.securitytracker.com/id?1018257
- http://www.vupen.com/english/advisories/2006/2333Vendor Advisory
- http://www.vupen.com/english/advisories/2007/2145Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27104
FAQ
What is CVE-2006-3074?
CVE-2006-3074 is a vulnerability with a CVSS score of 5.0 (MEDIUM). klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to t...
How severe is CVE-2006-3074?
CVE-2006-3074 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3074?
Check the references section above for vendor advisories and patch information. Affected products include: Kaspersky Kaspersky Anti-Virus, Kaspersky Kaspersky Internet Security, Microsoft Windows, Microsoft Windows Server.