klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess.
                
            References
                    Configurations
                    Configuration 1 (hide)
| 
 | 
Configuration 2 (hide)
| AND | 
 
 | 
History
                    No history.
Information
                Published : 2006-06-19 10:02
Updated : 2025-04-03 01:03
NVD link : CVE-2006-3074
Mitre link : CVE-2006-3074
CVE.ORG link : CVE-2006-3074
JSON object : View
Products Affected
                kaspersky
- kaspersky_anti-virus
- kaspersky_internet_security
microsoft
- windows
- windows_server
CWE
                
                    
                        
                        CWE-119
                        
            Improper Restriction of Operations within the Bounds of a Memory Buffer
