CVE-2007-5086

Kaspersky Anti-Virus and Internet Security 7.0 build 125 - Denial of Service via SSDT Hook Parameter Validation

Title source: llm
STIX 2.1

Description

Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks. NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1. NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that "it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms."

References (5)

Core 5
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3259
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37990
Various Sources x_refsource_confirm
http://www.kaspersky.com/technews?id=203038706
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26887

Scores

EPSS 0.0044
EPSS Percentile 35.5%

Details

CWE
CWE-20
Status published
Products (2)
kaspersky_lab/kaspersky_anti-virus
kaspersky_lab/kaspersky_internet_security 7.0_build125
Published Sep 26, 2007
Tracked Since Feb 18, 2026