CVE-2016-4329Improper Input Validation in Total Security

CWE-20Improper Input Validation7 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 83.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Kaspersky Total SecurityKaspersky Anti-virusKaspersky Internet Security
Timeline
PublishedJan 6
Latest updateMay 17

Description

A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDkaspersky/anti-virus16.0.0.614
CVEListV5kaspersky/total_security16.0.0.614
NVDkaspersky/total_security16.0.0.614

🔴Vulnerability Details

2
GHSA
GHSA-g386-8w5p-9mq7: A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software2022-05-17
CVEList
CVE-2016-4329: A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software2017-01-06

🕵️Threat Intelligence

4
Talos
Vulnerability Spotlight: Kaspersky Unhandled Windows Messages Denial of Service Vulnerability2016-09-06
Talos
Vulnerability Spotlight: Kaspersky Unhandled Windows Messages Denial of Service Vulnerability2016-09-06
Talos
Vulnerability Spotlight: Kaspersky Unhandled Windows Messages Denial of Service Vulnerability2016-08-26
Talos
Vulnerability Spotlight: Kaspersky Unhandled Windows Messages Denial of Service Vulnerability2016-08-26
CVE-2016-4329 — Improper Input Validation in Kaspersky | cvebase