Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned "data size argument," which results in a heap overflow.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Kaspersky Internet Security套件Klif.SYS驱动本地堆溢出漏洞
Vulnerability Description
Kaspersky Internet Security(KIS,卡巴斯基安全软件)是俄罗斯卡巴斯基实验室(Kaspersky Lab)研发的一套兼有杀毒软件和防火墙功能的安全软件。 Kaspersky Internet Security的klif.sys驱动实现上存在漏洞,本地攻击者可能利用此漏洞导致内核破坏。 Internet Security套件的klif.sys驱动hook了各种系统调用,如注册表函数,其中hook的_NtSetValueKey()函数存在整数溢出漏洞。如果向该函数的数据大小参数传输
CVSS Information
N/A
Vulnerability Type
N/A