CVE-2006-4926

Name of the Vulnerable Software and Affected Versions Kaspersky Labs Anti-Virus version 6.0.0.303 KLICK.SYS device driver version 2.0.0.281 KLIN.SYS device driver version 2.0.0.281

Description The issue allows local users to execute arbitrary code via a crafted Irp structure with invalid addresses in the "0x80052110" IOCTL. This is related to the NDIS-TDI Hooking Engine used in certain device drivers.

Recommendations For Kaspersky Labs Anti-Virus version 6.0.0.303, update the KLICK.SYS and KLIN.SYS device drivers to a version that does not contain the vulnerable NDIS-TDI Hooking Engine. For KLICK.SYS device driver version 2.0.0.281, consider disabling the device driver until a patch is available. For KLIN.SYS device driver version 2.0.0.281, restrict access to the vulnerable IOCTL "0x80052110" to minimize the risk of exploitation.