CVE-2006-4926

Kaspersky Labs Anti-Virus <6.0.0.303 - RCE

Title source: llm

Description

The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp structure with invalid addresses in the 0x80052110 IOCTL.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nanika · c++localwindows

https://www.exploit-db.com/exploits/2676

View Code ZIP pw:eip

References (10)

[Patch, Vendor Advisory] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=425

[Patch, Vendor Advisory] http://secunia.com/advisories/22478

[Exploit, Patch] http://securitytracker.com/id?1017093

[Patch] http://www.kaspersky.com/technews?id=203038678

[Exploit, Patch] http://www.osvdb.org/29891

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/449289/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/449301/100/0/threaded

[Exploit, Patch] http://www.securityfocus.com/bid/20635

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/29677

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/4117

Scores

EPSS 0.0028

EPSS Percentile 51.4%

Details

Status published

Products (5)

kaspersky_lab/kaspersky_anti-virus 5.0

kaspersky_lab/kaspersky_anti-virus 6.0

kaspersky_lab/kaspersky_anti-virus_personal 5.0

kaspersky_lab/kaspersky_anti-virus_personal_pro 5.0

kaspersky_lab/kaspersky_internet_security 6.0 maintenance_pack_2

Published Oct 20, 2006

Tracked Since Feb 18, 2026