CVE-2007-5043Improper Input Validation in LAB Kaspersky Internet Security

CWE-20Improper Input ValidationCWE-2643 documents3 sources
Severity
4.4MEDIUMNVD
CNA5.0
EPSS
0.1%
top 82.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Kaspersky LAB Kaspersky Internet Security
Timeline
PublishedSep 24
Latest updateMay 1

Description

Kaspersky Internet Security 7.0.0.125 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to (1) cause a denial of service (crash) and possibly gain privileges via the NtCreateSection kernel SSDT hook or (2) cause a denial of service (avp.exe service outage) via the NtLoadDriver kernel SSDT hook. NOTE: this issue may partially overlap CVE-2006-3074.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-954f-qffp-hrxp: Kaspersky Internet Security 72022-05-01
CVEList
CVE-2007-5043: Kaspersky Internet Security 72007-09-24
CVE-2007-5043 — Improper Input Validation | cvebase