Kaspersky Internet Security Suite Klif.SYS Driver Local Heap Overflow Vulnerability
BID:23326
Info
| Bugtraq ID: | 23326 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 04 2007 12:00AM |
| Updated: | Apr 06 2007 04:02AM |
| Credit: | An anonymous researcher is credited with the discovery of this vulnerability. |
| Vulnerable: | Kaspersky Internet Security 6.0.1.411 |
| Not Vulnerable: | Kaspersky Internet Security 6.0.Maintenance Pack; Kaspersky Anti-Virus 6.0.Maintenance Pack; Kaspersky Anti-Virus 6.0.2.678 |
Discussion
Kaspersky Internet Security Suite is prone to a heap-overflow vulnerability because it fails to perform sufficient boundary checks on user-supplied data before copying it to a buffer.
An attacker could leverage this issue to execute arbitrary code with kernel-level privileges. A successful exploit could result in the complete compromise of the affected system.
Kaspersky Internet Security Suite 6.0.1.411 for Microsoft Windows is reported vulnerable; previous versions may be vulnerable as well.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
The vendor has released an update to address this issue; please see the references for details.
References
References:
- 3 vulnerabilities fixed in Kaspersky Anti-Virus for Workstation, File Server ver (Kaspersky)
- Kaspersky Anti-Virus 6.0, Kaspersky Internet Security 6.0 - 5 vulnerabilities fi (Kaspersky)
- Kaspersky Internet Security Product Page (Kaspersky Labs)
- Kaspersky Internet Security Suite klif.sys Heap Overflow Vulnerability (iDefense)
- iDefense Security Advisory 04.04.07: Kaspersky Internet Security Suite klif.sys (iDefense)