CVE-2006-3074

NONECVSS 0.0

0.0

klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess.

🔗 References (32)

cve@mitrehttp://secunia.com/advisories/20629
cve@mitrehttp://secunia.com/advisories/25603
cve@mitrehttp://uninformed.org/index.cgi?v=4&a=4&p=4
cve@mitrehttp://uninformed.org/index.cgi?v=4&a=4&p=7
cve@mitrehttp://www.kaspersky.com/technews?id=203038695
cve@mitrehttp://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php
cve@mitrehttp://www.rootkit.com/board.php?did=edge726&closed=0&lastx=15
cve@mitrehttp://www.rootkit.com/newsread.php?newsid=726
cve@mitrehttp://www.securityfocus.com/archive/1/471453/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/18341
cve@mitrehttp://www.securityfocus.com/bid/24491
cve@mitrehttp://www.securitytracker.com/id?1018257
cve@mitrehttp://www.vupen.com/english/advisories/2006/2333
cve@mitrehttp://www.vupen.com/english/advisories/2007/2145
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/27104

Is Your Infrastructure Affected by CVE-2006-3074?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2006-3074

📅 Published

🔄 Last Modified

🔗 References (32)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2006-3074?