{"api_version":"1","generated_at":"2026-04-23T05:57:46+00:00","cve":"CVE-2006-3074","urls":{"html":"https://cve.report/CVE-2006-3074","api":"https://cve.report/api/cve/CVE-2006-3074.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-3074","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-3074"},"summary":{"title":"CVE-2006-3074","description":"klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-06-19 10:02:00","updated_at":"2018-10-18 16:45:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/18341","name":"18341","refsource":"BID","tags":[],"title":"Kaspersky Internet Security Suite Multiple Local Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2006/2333","name":"ADV-2006-2333","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kaspersky.com/technews?id=203038695","name":"http://www.kaspersky.com/technews?id=203038695","refsource":"CONFIRM","tags":[],"title":"KLV07-07.Klif.sys calling NtOpenProcess vulnerability","mime":"text/html","httpstatus":"410","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/2145","name":"ADV-2007-2145","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/471453/100/0/threaded","name":"20070615 Kaspersky Multiple insufficient argument validation of hooked SSDT function Vulnerability","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/20629","name":"20629","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Kaspersky Anti-Virus \"klif.sys\" Denial of Service Vulnerability - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34875","name":"kaspersky-multiple-klif-dos(34875)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/24491","name":"24491","refsource":"BID","tags":[],"title":"Kaspersky Internet Security 6 SSDT Hooks Multiple Local Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.rootkit.com/newsread.php?newsid=726","name":"http://www.rootkit.com/newsread.php?newsid=726","refsource":"MISC","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://www.rootkit.com/board.php?did=edge726&closed=0&lastx=15","name":"http://www.rootkit.com/board.php?did=edge726&closed=0&lastx=15","refsource":"MISC","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27104","name":"kaspersky-klif-dos(27104)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://uninformed.org/index.cgi?v=4&a=4&p=7","name":"http://uninformed.org/index.cgi?v=4&a=4&p=7","refsource":"MISC","tags":[],"title":"Uninformed","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php","name":"http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php","refsource":"MISC","tags":[],"title":"Advisory 2007-06-15.01 - matousec.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/25603","name":"25603","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Kaspersky AntiVirus klif.sys Hooked Functions Denial of Service - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://uninformed.org/index.cgi?v=4&a=4&p=4","name":"http://uninformed.org/index.cgi?v=4&a=4&p=4","refsource":"MISC","tags":[],"title":"Uninformed","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1018257","name":"1018257","refsource":"SECTRACK","tags":[],"title":"Kaspersky Internet Security 'klif.sys' Driver Lets Local Users Deny Service - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-3074","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-3074","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"3074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kaspersky","cpe5":"kaspersky_anti-virus","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kaspersky","cpe5":"kaspersky_anti-virus","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3074","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kaspersky","cpe5":"kaspersky_anti-virus","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3074","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kaspersky","cpe5":"kaspersky_anti-virus","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kaspersky","cpe5":"kaspersky_internet_security","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3074","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kaspersky","cpe5":"kaspersky_internet_security","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3074","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kaspersky","cpe5":"kaspersky_internet_security","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3074","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kaspersky","cpe5":"kaspersky_internet_security","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3074","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3074","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3074","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3074","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-3074","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"kaspersky-klif-dos(27104)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/27104"},{"name":"kaspersky-multiple-klif-dos(34875)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34875"},{"name":"18341","refsource":"BID","url":"http://www.securityfocus.com/bid/18341"},{"name":"1018257","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1018257"},{"name":"http://uninformed.org/index.cgi?v=4&a=4&p=4","refsource":"MISC","url":"http://uninformed.org/index.cgi?v=4&a=4&p=4"},{"name":"ADV-2007-2145","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/2145"},{"name":"24491","refsource":"BID","url":"http://www.securityfocus.com/bid/24491"},{"name":"ADV-2006-2333","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2333"},{"name":"http://www.kaspersky.com/technews?id=203038695","refsource":"CONFIRM","url":"http://www.kaspersky.com/technews?id=203038695"},{"name":"25603","refsource":"SECUNIA","url":"http://secunia.com/advisories/25603"},{"name":"http://www.rootkit.com/board.php?did=edge726&closed=0&lastx=15","refsource":"MISC","url":"http://www.rootkit.com/board.php?did=edge726&closed=0&lastx=15"},{"name":"20070615 Kaspersky Multiple insufficient argument validation of hooked SSDT function Vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/471453/100/0/threaded"},{"name":"http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php","refsource":"MISC","url":"http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"},{"name":"20629","refsource":"SECUNIA","url":"http://secunia.com/advisories/20629"},{"name":"http://uninformed.org/index.cgi?v=4&a=4&p=7","refsource":"MISC","url":"http://uninformed.org/index.cgi?v=4&a=4&p=7"},{"name":"http://www.rootkit.com/newsread.php?newsid=726","refsource":"MISC","url":"http://www.rootkit.com/newsread.php?newsid=726"}]}},"nvd":{"publishedDate":"2006-06-19 10:02:00","lastModifiedDate":"2018-10-18 16:45:00","problem_types":["CWE-119"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:kaspersky:kaspersky_anti-virus:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:kaspersky:kaspersky_internet_security:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:kaspersky:kaspersky_internet_security:6.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:kaspersky:kaspersky_anti-virus:6.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:kaspersky:kaspersky_anti-virus:6.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"3074","Ordinal":"18399","Title":"CVE-2006-3074","CVE":"CVE-2006-3074","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"3074","Ordinal":"1","NoteData":"klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"3074","Ordinal":"2","NoteData":"2006-06-19","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"3074","Ordinal":"3","NoteData":"2018-10-18","Type":"Other","Title":"Modified"}]}}}