Kaspersky Labs Anti-Virus IOCTL Privilege Escalation
Secunia Advisory: SA22478 Release Date: 2006-10-20
Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
Kaspersky Anti-Virus 4.x
Kaspersky Anti-Virus 5.x
Kaspersky Anti-Virus 6.x
A vulnerability has been reported in Kaspersky Labs Anti-Virus, which can be exploited by malicious, local users to gain escalated privileges.
A design error due to improper address space validation in the KLIN.sys and KLICK.sys device drivers when processing IOCTL 0x80052110 requests can be exploited via a specially crafted IRP structure passed to the vulnerable IOCTL handler.
Successful exploitation allows execution of arbitrary code with kernel-level privileges.
The vulnerability is reported in version 188.8.131.521 of the device drivers, which are included in Kaspersky Labs Anti-Virus 184.108.40.2063. Other versions may also be affected.
Solution: Update to version 220.127.116.113 of the device drivers via Kaspersky's Update service.
Provided and/or discovered by: Rubén Santamarta, reversemode.com.
Original Advisory: iDefense Labs: http://labs.idefense.com/intelligenc...lay.php?id=425