Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Windows >> Kaspersky Antivirus IOCTL Local Privilege Escalation Vulnerability

Vulnerability Assessment Details

Kaspersky Antivirus IOCTL Local Privilege Escalation Vulnerability

Vulnerability Assessment Summary
Checks date of virus signatures

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote Windows host contains an application that is prone to a
local privilege escalation issue.

Description :

The version of Kaspersky Antivirus installed on the remote host permits
a local attacker to execute arbitrary code with kernel rights by
passing a specially-crafted Irp structure to an IOCTL handler used by
the KLIN and KLICK device drivers. By leveraging this flaw, a local
attacker may be able to gain complete control of the affected system.

See also :

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=425
http://www.securityfocus.com/archive/1/449258/30/0/threaded
http://www.securityfocus.com/archive/1/449301/30/0/threaded
http://www.kaspersky.com/technews?id=203038678

Solution :

Update the virus signatures after 10/12/2006 and restart the computer.

Network Security Threat Level:

High / CVSS Base Score : 7.0
(AV:L/AC:L/Au:NR/C:C/I:C/A:C/B:N)

Networks Security ID: 20635

Vulnerability Assessment Copyright: This script is Copyright (C) 2007 Tenable Network Security

Cables, Connectors