CVE-2006-3074 Information

Description

klif.sys in Kaspersky Internet Security 6.0 and 7.0 Kaspersky Anti-Virus (KAV) 6.0 and 7.0 KAV 6.0 for Windows Workstations and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey (2) NtCreateProcess (3) NtCreateProcessEx (4) NtCreateSection (5) NtCreateSymbolicLinkObject (6) NtCreateThread (7) NtDeleteValueKey (8) NtLoadKey2 (9) NtOpenKey (10) NtOpenProcess (11) NtOpenSection and (12) NtQueryValueKey hooked system calls which allows local users to cause a denial of service (reboot) via an invalid parameter as demonstrated by the ClientId parameter to NtOpenProcess.

Reference

http://secunia.com/advisories/20629 http://secunia.com/advisories/25603 http://uninformed.org/index.cgi?v=4&a=4&p=4 http://uninformed.org/index.cgi?v=4&a=4&p=7 http://www.kaspersky.com/technews?id=203038695 http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php http://www.rootkit.com/board.php?did=edge726&closed=0&lastx=15 http://www.rootkit.com/newsread.php?newsid=726 http://www.securityfocus.com/archive/1/471453/100/0/threaded http://www.securityfocus.com/bid/18341 http://www.securityfocus.com/bid/24491 http://www.securitytracker.com/id?1018257 http://www.vupen.com/english/advisories/2006/2333 http://www.vupen.com/english/advisories/2007/2145 https://exchange.xforce.ibmcloud.com/vulnerabilities/27104 https://exchange.xforce.ibmcloud.com/vulnerabilities/34875