Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-3074

CWE-119 — Buffer Overflow4 documents4 sources

Severity

5.0MEDIUM

EPSS

4.1%

top 11.48%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Kaspersky Kaspersky Anti-virus Kaspersky Kaspersky Internet Security

Timeline

PublishedJun 19

Latest updateMay 1

Description

klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users…

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDkaspersky/kaspersky_anti-virus6.0, 7.0+1

▶NVDkaspersky/kaspersky_internet_security6.0, 7.0+1

🔴Vulnerability Details

GHSA

GHSA-w86f-98cr-v2wp: klif↗2022-05-01

▶

CVEList

CVE-2006-3074: klif↗2006-06-19

▶

💥Exploits & PoCs

Exploit-DB

Kaspersky Internet Security 6.0 - SSDT Hooks Multiple Local Vulnerabilities↗2007-06-15

▶