Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Windows >> Kaspersky Antivirus IOCTL Local Privilege Escalation Vulnerability


Vulnerability Assessment Details

Kaspersky Antivirus IOCTL Local Privilege Escalation Vulnerability

Vulnerability Assessment Summary
Checks date of virus signatures

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote Windows host contains an application that is prone to a
local privilege escalation issue.

Description :

The version of Kaspersky Antivirus installed on the remote host permits
a local attacker to execute arbitrary code with kernel rights by
passing a specially-crafted Irp structure to an IOCTL handler used by
the KLIN and KLICK device drivers. By leveraging this flaw, a local
attacker may be able to gain complete control of the affected system.

See also :

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=425
http://www.securityfocus.com/archive/1/449258/30/0/threaded
http://www.securityfocus.com/archive/1/449301/30/0/threaded
http://www.kaspersky.com/technews?id=203038678

Solution :

Update the virus signatures after 10/12/2006 and restart the computer.

Network Security Threat Level:

High / CVSS Base Score : 7.0
(AV:L/AC:L/Au:NR/C:C/I:C/A:C/B:N)

Networks Security ID: 20635

Vulnerability Assessment Copyright: This script is Copyright (C) 2007 Tenable Network Security

Cables, Connectors

EZ-VGA MV1200 external Scandoubler Flickerfixer for Commodore Amiga AS-IS
$49.99
EZ-VGA MV1200 external Scandoubler Flickerfixer for Commodore Amiga AS-IS  pictureNew Mediator PCI 1200 TX Black Busboard 6x PCI for Amiga 1200 Tower #843
$358.06
New Mediator PCI 1200 TX Black Busboard 6x PCI for Amiga 1200 Tower #843 pictureNew Mediator PCI 4000Di 3V MK-III 4x PCI 3x Zorro III/II Slots - Amiga 4000 #842
$358.06
New Mediator PCI 4000Di 3V MK-III 4x PCI 3x Zorro III/II Slots - Amiga 4000 #842 pictureCommodore Amiga Model 1010 External 3.5” Disk Drive
$50.0
Commodore Amiga Model 1010 External 3.5” Disk Drive picture


Discussions

No Discussions have been posted on this vulnerability.