KLA10945
Information leak and denial of service vulnerabilities in Kaspersky products

Multiple serious vulnerabilities have been found in Kaspersky products. Malicious users can exploit these vulnerabilities to cause denial of service or obtain sensitive information.

Below is a complete list of vulnerabilities:

1. Multiple information leaks in different IOCTL handlers of Kaspersky Internet Security KLDISK driver can be exploited locally via a specially designed IOCTL requests to return out-of-bounds kernel memory and possibly obtain sensitive information as a result;
2. Vulnerabilities in syscall filtering functionality of Kaspersky Internet Security KLIF driver can be expoited locally via a specially designed native api call to cause an access violation resulting in a denial of service.

Technical details

All vulnerabilities can be exploited only in case machine already contains a malicious program.

Kaspersky Internet Security 2016 (16.0.0.614) 
Kaspersky Anti-Virus 2016 (16.0.0.614) 
Kaspersky Total Security 2016 (16.0.0.614)

Update to the latest versions
Download Kaspersky Total Security
Download Kaspersky Internet Security
Download Kaspersky Anti-Virus