CVE-2007-5043

Name of the Vulnerable Software and Affected Versions Kaspersky Internet Security version 7.0.0.125

Description The issue is related to the improper validation of certain parameters to System Service Descriptor Table (SSDT) function handlers. This can allow local users to cause a denial of service, potentially leading to a crash, and may also allow them to gain privileges. The issue can be exploited via the NtCreateSection kernel SSDT hook or the NtLoadDriver kernel SSDT hook, which can also cause an avp.exe service outage.

Recommendations For Kaspersky Internet Security version 7.0.0.125, consider restricting access to the NtCreateSection and NtLoadDriver kernel SSDT hooks as a temporary workaround to minimize the risk of exploitation. Additionally, avoid using the affected SSDT function handlers until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.