Denial of Service and Privilege Escalation in Kaspersky Internet Security
CVE-2007-5043

Currently unrated

Key Information:

Vendor: kaspersky
Status: Kaspersky Internet Security
Vendor: CVE Published:; 24 September 2007

Summary

Kaspersky Internet Security 7.0.0.125 is affected by a vulnerability due to improper parameter validation in certain SSDT function handlers. This flaw allows local users to trigger a denial of service by crashing the system or causing service outages in the avp.exe service. Additionally, there is a risk of potential privilege escalation via the NtCreateSection SSDT hook. This issue represents a significant risk as it could allow unauthorized access or disruptions in critical security functions.

References

http://securityreason.com/securityalert/3161

third-party-advisoryx_refsource_SREASON

http://www.matousec.com/info/advisories/plague-in-securit...

x_refsource_MISC

http://www.matousec.com/projects/windows-personal-firewal...

x_refsource_MISC

Timeline

Vulnerability published
Sep 24, 2007
Vulnerability Reserved
Sep 23, 2007