Denial of Service Vulnerability in Kaspersky Anti-Virus and Internet Security
CVE-2007-5086

Currently unrated

Key Information:

Vendor: kaspersky
Status: Kaspersky Anti-virus; Kaspersky Internet Security
Vendor: CVE Published:; 26 September 2007

Summary

Kaspersky Anti-Virus and Internet Security 7.0 Build 125 are vulnerable due to improper validation of parameters in the System Service Descriptor Table (SSDT) and Shadow SSDT function handlers. This flaw allows local users to trigger a denial of service by exploiting various SSDT hooks, leading to potential system crashes. Notably, the vulnerability impacts key functions such as NtUserSendInput and LoadLibraryA, among others, raising concerns regarding the security and stability of the affected software.

References

http://www.vupen.com/english/advisories/2007/3259

vdb-entryx_refsource_VUPEN

http://osvdb.org/37990

vdb-entryx_refsource_OSVDB

http://www.rootkit.com/newsread.php?newsid=778

x_refsource_MISC

Timeline

Vulnerability published
Sep 26, 2007
Vulnerability Reserved
Sep 25, 2007