Vulnerability Details CVE-2006-4926
The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp structure with invalid addresses in the 0x80052110 IOCTL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.4%
CVSS Severity
CVSS v2 Score 7.2
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=425
- http://secunia.com/advisories/22478
- http://securitytracker.com/id?1017093
- http://www.kaspersky.com/technews?id=203038678
- http://www.osvdb.org/29891
- http://www.securityfocus.com/archive/1/449289/100/0/threaded
- http://www.securityfocus.com/archive/1/449301/100/0/threaded
- http://www.securityfocus.com/bid/20635
- http://www.vupen.com/english/advisories/2006/4117
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29677
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=425
- http://secunia.com/advisories/22478
- http://securitytracker.com/id?1017093
- http://www.kaspersky.com/technews?id=203038678
- http://www.osvdb.org/29891
- http://www.securityfocus.com/archive/1/449289/100/0/threaded
- http://www.securityfocus.com/archive/1/449301/100/0/threaded
- http://www.securityfocus.com/bid/20635
- http://www.vupen.com/english/advisories/2006/4117
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29677
Products affected by CVE-2006-4926
-
cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:5.0
-
cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:6.0
-
cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus_personal:5.0
-
cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus_personal_pro:5.0
-
cpe:2.3:a:kaspersky_lab:kaspersky_internet_security:6.0