CVE-2007-5086 - OpenCVE

Vendors	Products
Kaspersky Lab	Kaspersky Anti-virus Kaspersky Internet Security

Link	Providers
http://osvdb.org/37990
http://secunia.com/advisories/26887
http://www.kaspersky.com/technews?id=203038706
http://www.rootkit.com/newsread.php?newsid=778
http://www.vupen.com/english/advisories/2007/3259

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-12T00:00:00", "descriptions": [{"lang": "en", "value": "Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks. NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1. NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that \"it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2008-11-15T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2007-3259", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3259"}, {"name": "37990", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37990"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rootkit.com/newsread.php?newsid=778"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kaspersky.com/technews?id=203038706"}, {"name": "26887", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26887"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5086", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks. NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1. NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that \"it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2007-3259", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3259"}, {"name": "37990", "refsource": "OSVDB", "url": "http://osvdb.org/37990"}, {"name": "http://www.rootkit.com/newsread.php?newsid=778", "refsource": "MISC", "url": "http://www.rootkit.com/newsread.php?newsid=778"}, {"name": "http://www.kaspersky.com/technews?id=203038706", "refsource": "CONFIRM", "url": "http://www.kaspersky.com/technews?id=203038706"}, {"name": "26887", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26887"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:17:28.206Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2007-3259", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3259"}, {"name": "37990", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37990"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.rootkit.com/newsread.php?newsid=778"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kaspersky.com/technews?id=203038706"}, {"name": "26887", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26887"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5086", "datePublished": "2007-09-26T10:00:00", "dateReserved": "2007-09-25T00:00:00", "dateUpdated": "2024-08-07T15:17:28.206Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DF096B6-3A74-4214-B886-110127E4BAC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:kaspersky_lab:kaspersky_internet_security:7.0_build125:*:*:*:*:*:*:*", "matchCriteriaId": "8A13F7D6-1B34-41F1-A2DB-725F7D39063C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks. NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1. NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that \"it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms.\""}, {"lang": "es", "value": "Kaspersky Anti-Virus (KAV) y Internet Security 7.0 construcci\u00f3n 125 no valida de forma adecuada ciertos par\u00e1metros en System Service Descriptor Table (SSDT) y manejadores de funci\u00f3n Shadow SSDT, lo cual permite a usuarios locales provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s de (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, y (7) NtUserBuildHwndList kernel SSDT enganchado en kylif.sys; el gancho(8) kernel NtDuplicateObject (DuplicateHandle) SSDT. NOTA: el vendededor cuestiona que el vector DuplicateHandle es una vulnerabilidad en su c\u00f3digo, bas\u00e1ndose en que \"no es un error de nuestro c\u00f3digo, pero un m\u00e9todo oscuro para la manipulaci\u00f3n estandar de las rutinas de windows sortea nuestros mecanismos de autodefensa\"."}], "id": "CVE-2007-5086", "lastModified": "2011-03-08T03:00:03.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-09-26T10:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/37990"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26887"}, {"source": "cve@mitre.org", "url": "http://www.kaspersky.com/technews?id=203038706"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.rootkit.com/newsread.php?newsid=778"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3259"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object