CVE-2006-3074

Name of the Vulnerable Software and Affected Versions Kaspersky Internet Security versions 6.0 through 7.0 Kaspersky Anti-Virus versions 6.0 through 7.0 Kaspersky Anti-Virus 6.0 for Windows Workstations Kaspersky Anti-Virus 6.0 for Windows Servers Kaspersky Anti-Virus version 6.0.0.300 and earlier Kaspersky Internet Security version 6.0.0.300 and earlier Kaspersky Internet Security Suite version 5.0 and earlier

Description The issue is related to the klif.sys component, which does not validate certain parameters to hooked system calls, including NtCreateKey, NtCreateProcess, NtCreateProcessEx, NtCreateSection, NtCreateSymbolicLinkObject, NtCreateThread, NtDeleteValueKey, NtLoadKey2, NtOpenKey, NtOpenProcess, NtOpenSection, and NtQueryValueKey. This allows local users to cause a denial of service, resulting in a system reboot, by providing an invalid parameter, such as the ClientId parameter to NtOpenProcess.

Recommendations For Kaspersky Internet Security versions 6.0 through 7.0, update to a version that includes the fix for this issue. For Kaspersky Anti-Virus versions 6.0 through 7.0, update to a version that includes the fix for this issue. For Kaspersky Anti-Virus 6.0 for Windows Workstations, update to a version that includes the fix for this issue. For Kaspersky Anti-Virus 6.0 for Windows Servers, update to a version that includes the fix for this issue. For Kaspersky Anti-Virus version 6.0.0.300 and earlier, update to a version later than 6.0.0.300. For Kaspersky Internet Security version 6.0.0.300 and earlier, update to a version later than 6.0.0.300. For Kaspersky Internet Security Suite version 5.0 and earlier, update to a version later than 5.0. As a temporary workaround, consider restricting access to the klif.sys component to minimize the risk of exploitation.