CVE-2007-5086

{"id": "CVE-2007-5086", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-09-26T10:17:00.000", "references": [{"url": "http://osvdb.org/37990", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26887", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.kaspersky.com/technews?id=203038706", "source": "cve@mitre.org"}, {"url": "http://www.rootkit.com/newsread.php?newsid=778", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/3259", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks. NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1. NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that \"it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms.\""}, {"lang": "es", "value": "Kaspersky Anti-Virus (KAV) y Internet Security 7.0 construcci\u00f3n 125 no valida de forma adecuada ciertos par\u00e1metros en System Service Descriptor Table (SSDT) y manejadores de funci\u00f3n Shadow SSDT, lo cual permite a usuarios locales provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s de (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, y (7) NtUserBuildHwndList kernel SSDT enganchado en kylif.sys; el gancho(8) kernel NtDuplicateObject (DuplicateHandle) SSDT. NOTA: el vendededor cuestiona que el vector DuplicateHandle es una vulnerabilidad en su c\u00f3digo, bas\u00e1ndose en que \"no es un error de nuestro c\u00f3digo, pero un m\u00e9todo oscuro para la manipulaci\u00f3n estandar de las rutinas de windows sortea nuestros mecanismos de autodefensa\"."}], "lastModified": "2011-03-08T03:00:03.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DF096B6-3A74-4214-B886-110127E4BAC6"}, {"criteria": "cpe:2.3:a:kaspersky_lab:kaspersky_internet_security:7.0_build125:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A13F7D6-1B34-41F1-A2DB-725F7D39063C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}