CVE-2006-3074: Buffer Overflow
First published: Mon Jun 19 2006(Updated: )
klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kaspersky Anti-Virus | =7.0 | |
| Kaspersky Internet Security 2010 | =7.0 | |
| Kaspersky Internet Security 2010 | =6.0 | |
| Kaspersky Anti-Virus | =6.0 | |
| Microsoft Windows | ||
| Microsoft Windows Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://uninformed.org/index.cgi?v=4&a=4&p=4
- http://secunia.com/advisories/20629
- http://uninformed.org/index.cgi?v=4&a=4&p=7
- http://www.rootkit.com/board.php?did=edge726&closed=0&lastx=15
- http://www.rootkit.com/newsread.php?newsid=726
- http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php
- http://www.kaspersky.com/technews?id=203038695
- http://www.securityfocus.com/bid/18341
- http://www.securityfocus.com/bid/24491
- http://www.securitytracker.com/id?1018257
- http://secunia.com/advisories/25603
- http://www.vupen.com/english/advisories/2006/2333
- http://www.vupen.com/english/advisories/2007/2145
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34875
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27104
- http://www.securityfocus.com/archive/1/471453/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-3074?
CVE-2006-3074 is rated as a high-severity vulnerability due to its potential to allow unauthorized access or control over the affected Kaspersky software.
How do I fix CVE-2006-3074?
To fix CVE-2006-3074, it is recommended to update to the latest version of Kaspersky Anti-Virus or Kaspersky Internet Security that addresses this vulnerability.
Which Kaspersky products are affected by CVE-2006-3074?
CVE-2006-3074 affects Kaspersky Anti-Virus 6.0 and 7.0, as well as Kaspersky Internet Security 6.0 and 7.0.
What types of attacks can exploit CVE-2006-3074?
CVE-2006-3074 can potentially be exploited through local privilege escalation, allowing attackers to gain unauthorized control over the affected systems.
Is my system at risk if I use Kaspersky Anti-Virus or Internet Security version 6.0 or 7.0?
Yes, if you are using Kaspersky Anti-Virus or Internet Security version 6.0 or 7.0, your system is at risk due to CVE-2006-3074 and should be updated immediately.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/kaspersky
- product/kaspersky anti-virus
- canonical/kaspersky kaspersky anti-virus
- product/kaspersky internet security
- canonical/kaspersky kaspersky internet security
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/kaspersky anti-virus
- version/kaspersky anti-virus/7.0
- canonical/kaspersky internet security 2010
- version/kaspersky internet security 2010/7.0
- version/kaspersky internet security 2010/6.0
- version/kaspersky anti-virus/6.0
- vendor/microsoft
- canonical/microsoft windows
- canonical/microsoft windows server