Credit:
The information has been provided by iDefense.
The original article can be found at:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=425
Vulnerable Systems:
* Kaspersky Labs Anti-Virus version 6.0.0.303 with KLICK and KLIN device drivers version 2.0.0.281.
The vulnerability specifically exists due to improper address space validation when the KLIN and KLICK device drivers process IOCTL 0x80052110. By passing a specially crafted IRP structure to the affected IOCTL handler, attackers can cause the driver to execute arbitrary code via a CALL instruction using user-supplied data. Execution of data stored in user-land buffers is trivial.
Exploitation allows attackers to gain elevated privileges by executing code within kernel context. This allows attackers to gain control of the affected system. However, local access is required for exploitation to be successful.
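The following user-mode model is an added example, not code from iDefense or from the Kaspersky drivers: it decodes the control code named above and shows the checks a handler of this kind needs before it acts on caller data. The request layout, the operation table and the USER_LIMIT boundary are assumptions made for illustration, since the advisory does not give the real structures.

```c
#include <stddef.h>
#include <stdint.h>

/* Fields packed into a Windows I/O control code (CTL_CODE layout). */
typedef struct { uint32_t device, access, function, method; } ioctl_fields;

ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device   = code >> 16;           /* bits 31..16 */
    f.access   = (code >> 14) & 0x3;   /* 0 = FILE_ANY_ACCESS */
    f.function = (code >> 2) & 0xFFF;  /* bits 13..2 */
    f.method   = code & 0x3;           /* 0 = METHOD_BUFFERED, 3 = METHOD_NEITHER */
    return f;
}

/* Assumption: 32-bit layout where user space ends below this boundary. */
#define USER_LIMIT 0x7FFF0000u

/* Range check in the spirit of ProbeForRead: the whole [addr, addr+len)
   span must lie in user space; written so the arithmetic cannot wrap. */
int user_range_ok(uint32_t addr, uint32_t len) {
    if (len == 0) return 1;
    if (addr >= USER_LIMIT) return 0;
    return len <= USER_LIMIT - addr;
}

/* Hypothetical request layout (not the real KLIN/KLICK structure). */
typedef struct { uint32_t op; uint32_t data_addr; uint32_t data_len; } request;

static int op_query(void) { return 100; }
static int op_reset(void) { return 200; }
static int (*const OPS[])(void) = { op_query, op_reset };

/* Hardened dispatch: buffer length, opcode and embedded address are all
   checked, and the call target comes from a driver-owned table, never
   from a value inside the request. */
int handle_request(const void *buf, size_t buf_len) {
    const request *r = buf;
    if (buf == NULL || buf_len < sizeof *r) return -1;
    if (r->op >= sizeof OPS / sizeof OPS[0]) return -2;
    if (!user_range_ok(r->data_addr, r->data_len)) return -3;
    return OPS[r->op]();
}
```

In a real driver the address check is done with ProbeForRead or ProbeForWrite inside a structured exception handler rather than with a hand-written range test.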
CVE Information:
CVE-2006-4926.
Disclosure Timeline:
* 09/18/2006 - Initial vendor notification
* 09/19/2006 - Initial vendor response
* 10/19/2006 - Coordinated public disclosure