Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA10945
Information leak and denial of service vulnerabilities in Kaspersky products

Updated: 06/03/2020
Detect date
?
 01/06/2017
Severity
?
 Warning
Description

Multiple serious vulnerabilities have been found in Kaspersky products. Malicious users can exploit these vulnerabilities to cause denial of service or obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Multiple information leaks in different IOCTL handlers of Kaspersky Internet Security KLDISK driver can be exploited locally via a specially designed IOCTL requests to return out-of-bounds kernel memory and possibly obtain sensitive information as a result;
  2. Vulnerabilities in syscall filtering functionality of Kaspersky Internet Security KLIF driver can be expoited locally via a specially designed native api call to cause an access violation resulting in a denial of service.

Technical details

All vulnerabilities can be exploited only in case machine already contains a malicious program.
Affected products

Kaspersky Internet Security 2016 (16.0.0.614) 
Kaspersky Anti-Virus 2016 (16.0.0.614) 
Kaspersky Total Security 2016 (16.0.0.614)
Solution

Update to the latest versions
Download Kaspersky Total Security
Download Kaspersky Internet Security
Download Kaspersky Anti-Virus
Original advisories

Kaspersky Lab Advisory
Impacts
?
OSI 
[?]

DoS 
[?]
Related products
 Kaspersky Internet Security
Kaspersky Anti-Virus
CVE-IDS
?
CVE-2016-43062.1Warning
CVE-2016-43052.1Warning
CVE-2016-43042.1Warning
Find out the statistics of the vulnerabilities spreading in your region
© 2021 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy

Up