CVE-2016-4306
N/A
N/A
Summary
Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Kaspersky | Total Security | 16.0.0.614 | affected |
Weaknesses
- unspecified
ADP Enrichment
CVE Program Container
Additional References
- http://www.securitytracker.com/id/1036702
- http://www.talosintelligence.com/reports/TALOS-2016-0168/
- http://www.securitytracker.com/id/1036703
References
- http://www.securitytracker.com/id/1036702
- http://www.talosintelligence.com/reports/TALOS-2016-0168/
- http://www.securitytracker.com/id/1036703
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.