Kaspersky Lab has released updates for its consumer products to address several denial-of-service (DoS) and memory disclosure vulnerabilities identified by researchers at Cisco’s Talos group.
Cisco reported discovering a total of four issues in Kaspersky Internet Security products, specifically in the KLIF, KLDISK and KL1 drivers.
Two of the flaws, tracked as CVE-2016-4304 and CVE-2016-4305, are related to the way the KLIF driver handles NtUserCreateWindowEx and NtAdjustTokenPrivileges calls. A malicious app can execute an API call using invalid parameters and cause a system crash.