Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4926LAB Kaspersky Anti-virus vulnerability

4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.3%
top 48.58%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Kaspersky LAB Kaspersky Anti-virusKaspersky LAB Kaspersky Anti-virus PersonalKaspersky LAB Kaspersky Anti-virus Personal PRO+1 more
Timeline
PublishedOct 20
Latest updateMay 1

Description

The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp structure with invalid addresses in the 0x80052110 IOCTL.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages4 packages

Patches

Patch: labs.idefense.comPatch: secunia.comPatch: securitytracker.com

🔴Vulnerability Details

2
GHSA
GHSA-r9ww-rg22-c2wc: The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK2022-05-01
CVEList
CVE-2006-4926: The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK2006-10-20

💥Exploits & PoCs

1
Exploit-DB
Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Overflow / Local Privilege Escalation2006-10-29
CVE-2006-4926 — LAB Kaspersky Anti-virus vulnerability | cvebase