PT-2007-6183 · Kaspersky+1 · Kaspersky Anti-Virus+2

Published: 2007-09-26 · Updated: 2011-03-08 · CVE-2007-5086

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Kaspersky Anti-Virus (KAV) and Internet Security version 7.0 build 125

Description

The issue arises from improper validation of certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, allowing local users to cause a denial of service (crash) via various kernel SSDT hooks in kylif.sys, including NtUserSendInput, LoadLibraryA, NtOpenProcess, NtOpenThread, NtTerminateProcess, NtUserFindWindowEx, and NtUserBuildHwndList. Additionally, the NtDuplicateObject (DuplicateHandle) kernel SSDT hook is potentially affected.

Recommendations

For Kaspersky Anti-Virus (KAV) and Internet Security version 7.0 build 125, consider disabling the vulnerable kernel SSDT hooks in kylif.sys as a temporary workaround until a patch is available. Restrict access to the NtUserSendInput, LoadLibraryA, NtOpenProcess, NtOpenThread, NtTerminateProcess, NtUserFindWindowEx, and NtUserBuildHwndList functions to minimize the risk of exploitation. Avoid using the NtDuplicateObject (DuplicateHandle) function in the affected kernel SSDT hook until the issue is resolved.

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CVE-2007-5086

Affected Products

Kaspersky Anti-Virus
Kaspersky Internet Security
Windows