Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Windows >> Kaspersky Antivirus IOCTL Local Privilege Escalation Vulnerability


Vulnerability Assessment Details

Kaspersky Antivirus IOCTL Local Privilege Escalation Vulnerability

Vulnerability Assessment Summary
Checks date of virus signatures

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote Windows host contains an application that is prone to a
local privilege escalation issue.

Description :

The version of Kaspersky Antivirus installed on the remote host permits
a local attacker to execute arbitrary code with kernel rights by
passing a specially-crafted Irp structure to an IOCTL handler used by
the KLIN and KLICK device drivers. By leveraging this flaw, a local
attacker may be able to gain complete control of the affected system.

See also :

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=425
http://www.securityfocus.com/archive/1/449258/30/0/threaded
http://www.securityfocus.com/archive/1/449301/30/0/threaded
http://www.kaspersky.com/technews?id=203038678

Solution :

Update the virus signatures after 10/12/2006 and restart the computer.

Network Security Threat Level:

High / CVSS Base Score : 7.0
(AV:L/AC:L/Au:NR/C:C/I:C/A:C/B:N)

Networks Security ID: 20635

Vulnerability Assessment Copyright: This script is Copyright (C) 2007 Tenable Network Security

Cables, Connectors

LOT of 5 NEW Super Micro Server XEON HEATSINK RETENTION - SKT-095-604E
$9.99
LOT of 5 NEW Super Micro Server XEON HEATSINK RETENTION - SKT-095-604E pictureHP Proliant N36L Microserver Server w/ 250GB HDD, Remote Access Card, 8GB RAM
$200.0
HP Proliant N36L Microserver Server w/ 250GB HDD, Remote Access Card, 8GB RAM pictureHp Microserver G7 658553-001
$40.0
Hp Microserver G7 658553-001 pictureSuper Micro Computer X9SCA LGA 1155 Intel Server Motherboard
$167.89
Super Micro Computer X9SCA LGA 1155 Intel Server Motherboard picture


Discussions

No Discussions have been posted on this vulnerability.