SECUNIA ADVISORY ID: SA22478
VERIFY ADVISORY: http://secunia.com/advisories/22478/
CRITICAL: Less critical
IMPACT: Privilege escalation
WHERE: Local system
SOFTWARE:
Kaspersky Anti-Virus 6.x - http://secunia.com/product/10470/
Kaspersky Anti-Virus 5.x - http://secunia.com/product/2781/
Kaspersky Anti-Virus 4.x - http://secunia.com/product/916/
DESCRIPTION: A vulnerability has been reported in Kaspersky Labs Anti-Virus, which can be exploited by malicious, local users to gain escalated privileges. A design error due to improper address space validation in the KLIN.sys and KLICK.sys device drivers when processing IOCTL 0x80052110 requests can be exploited via a specially crafted IRP structure passed to the vulnerable IOCTL handler. Successful exploitation allows execution of arbitrary code with kernel-level privileges. The vulnerability is reported in version 2.0.0.281 of the device drivers, which are included in Kaspersky Labs Anti-Virus 6.0.0.303. Other versions may also be affected.
SOLUTION: Update to version 2.0.0.333 of the device drivers via Kaspersky's Update service.
PROVIDED AND/OR DISCOVERED BY: Rubén Santamarta, reversemode.com.
ORIGINAL ADVISORY: iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=425
Kaspersky Labs Anti-Virus IOCTL Privilege EscalationPosted on Friday, October 20, 2006 @ 10:48:43 CDT in Security |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
