CVE-2006-4926
published 2006-10-20
Priority P434 · high · CVSS 2.0: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.26% (65.9th percentile)
The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via a crafted Irp structure with invalid addresses in the 0x80052110 IOCTL.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kaspersky_lab | kaspersky_anti-virus | — | — |
| kaspersky_lab | kaspersky_anti-virus | — | — |
| kaspersky_lab | kaspersky_anti-virus_personal | — | — |
| kaspersky_lab | kaspersky_anti-virus_personal_pro | — | — |
| kaspersky_lab | kaspersky_internet_security | — | — |
VulDB
Kaspersky Lab Anti-Virus 5.0/6.0 Device Driver memory corruption (EDB-2676 / Nessus ID 23996)
vuldb·2026-04-25·CVSS 7.2
CVE-2006-4926 [HIGH] Kaspersky Lab Anti-Virus 5.0/6.0 Device Driver memory corruption (EDB-2676 / Nessus ID 23996)
A vulnerability labeled as problematic has been found in Kaspersky Lab Anti-Virus 5.0/6.0. This vulnerability affects unknown code of the component Device Driver. Such manipulation leads to memory corruption.
This vulnerability is uniquely identified as CVE-2006-4926. Local access is required to approach this attack. Moreover, an exploit is present.
The affected component should be upgraded.
GHSA
GHSA-r9ww-rg22-c2wc: The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK
ghsa_unreviewed·2022-05-01
CVE-2006-4926 [HIGH] GHSA-r9ww-rg22-c2wc: The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK
The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via a crafted Irp structure with invalid addresses in the 0x80052110 IOCTL.
No detection rules found.
No writeups or analysis indexed.
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=425
http://secunia.com/advisories/22478
http://securitytracker.com/id?1017093
http://www.kaspersky.com/technews?id=203038678
http://www.osvdb.org/29891
http://www.securityfocus.com/archive/1/449289/100/0/threaded
http://www.securityfocus.com/archive/1/449301/100/0/threaded
http://www.securityfocus.com/bid/20635
http://www.vupen.com/english/advisories/2006/4117
https://exchange.xforce.ibmcloud.com/vulnerabilities/29677
2006-10-20
Published