CVE-2007-5086 (GCVE-0-2007-5086)

Vulnerability from cvelistv5 – Published: 2007-09-26 10:00 – Updated: 2024-08-07 15:17
VLAI?
Summary
Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks. NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1. NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that "it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms."
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.vupen.com/english/advisories/2007/3259 vdb-entryx_refsource_VUPEN
http://osvdb.org/37990 vdb-entryx_refsource_OSVDB
http://www.rootkit.com/newsread.php?newsid=778 x_refsource_MISC
http://www.kaspersky.com/technews?id=203038706 x_refsource_CONFIRM
http://secunia.com/advisories/26887 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:17:28.206Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-3259",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3259"
          },
          {
            "name": "37990",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37990"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rootkit.com/newsread.php?newsid=778"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kaspersky.com/technews?id=203038706"
          },
          {
            "name": "26887",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26887"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks.  NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1.  NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that \"it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-11-15T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-3259",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3259"
        },
        {
          "name": "37990",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37990"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rootkit.com/newsread.php?newsid=778"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kaspersky.com/technews?id=203038706"
        },
        {
          "name": "26887",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26887"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5086",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks.  NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1.  NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that \"it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-3259",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3259"
            },
            {
              "name": "37990",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37990"
            },
            {
              "name": "http://www.rootkit.com/newsread.php?newsid=778",
              "refsource": "MISC",
              "url": "http://www.rootkit.com/newsread.php?newsid=778"
            },
            {
              "name": "http://www.kaspersky.com/technews?id=203038706",
              "refsource": "CONFIRM",
              "url": "http://www.kaspersky.com/technews?id=203038706"
            },
            {
              "name": "26887",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26887"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5086",
    "datePublished": "2007-09-26T10:00:00",
    "dateReserved": "2007-09-25T00:00:00",
    "dateUpdated": "2024-08-07T15:17:28.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DF096B6-3A74-4214-B886-110127E4BAC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kaspersky_lab:kaspersky_internet_security:7.0_build125:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A13F7D6-1B34-41F1-A2DB-725F7D39063C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks.  NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1.  NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that \\\"it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms.\\\"\"}, {\"lang\": \"es\", \"value\": \"Kaspersky Anti-Virus (KAV) y Internet Security 7.0 construcci\\u00f3n 125 no valida de forma adecuada ciertos par\\u00e1metros en System Service Descriptor Table (SSDT) y manejadores de funci\\u00f3n Shadow SSDT, lo cual permite a usuarios locales provocar denegaci\\u00f3n de servicio (caida) a trav\\u00e9s de (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, y (7) NtUserBuildHwndList kernel SSDT enganchado en kylif.sys; el gancho(8) kernel NtDuplicateObject (DuplicateHandle) SSDT. NOTA: el vendededor cuestiona que el vector DuplicateHandle es  una vulnerabilidad en su c\\u00f3digo, bas\\u00e1ndose en que \\\"no es un error de nuestro c\\u00f3digo, pero un m\\u00e9todo oscuro para la manipulaci\\u00f3n estandar de las rutinas de windows sortea nuestros mecanismos de autodefensa\\\".\"}]",
      "id": "CVE-2007-5086",
      "lastModified": "2024-11-21T00:37:05.633",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-09-26T10:17:00.000",
      "references": "[{\"url\": \"http://osvdb.org/37990\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/26887\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.kaspersky.com/technews?id=203038706\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.rootkit.com/newsread.php?newsid=778\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3259\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/37990\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/26887\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.kaspersky.com/technews?id=203038706\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.rootkit.com/newsread.php?newsid=778\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3259\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-5086\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-09-26T10:17:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not properly validate certain parameters to System Service Descriptor Table (SSDT) and Shadow SSDT function handlers, which allows local users to cause a denial of service (crash) via the (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, and (7) NtUserBuildHwndList kernel SSDT hooks in kylif.sys; the (8) NtDuplicateObject (DuplicateHandle) kernel SSDT hook; and possibly other kernel SSDT hooks.  NOTE: the NtCreateSection vector is covered by CVE-2007-5043.1.  NOTE: the vendor disputes that the DuplicateHandle vector is a vulnerability in their code, stating that \\\"it is not an error in our code, but an obscure method for manipulating standard Windows routines to circumvent our self-defense mechanisms.\\\"\"},{\"lang\":\"es\",\"value\":\"Kaspersky Anti-Virus (KAV) y Internet Security 7.0 construcci\u00f3n 125 no valida de forma adecuada ciertos par\u00e1metros en System Service Descriptor Table (SSDT) y manejadores de funci\u00f3n Shadow SSDT, lo cual permite a usuarios locales provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s de (1) NtUserSendInput, (2) LoadLibraryA, (3) NtOpenProcess, (4) NtOpenThread, (5) NtTerminateProcess, (6) NtUserFindWindowEx, y (7) NtUserBuildHwndList kernel SSDT enganchado en kylif.sys; el gancho(8) kernel NtDuplicateObject (DuplicateHandle) SSDT. NOTA: el vendededor cuestiona que el vector DuplicateHandle es  una vulnerabilidad en su c\u00f3digo, bas\u00e1ndose en que \\\"no es un error de nuestro c\u00f3digo, pero un m\u00e9todo oscuro para la manipulaci\u00f3n estandar de las rutinas de windows sortea nuestros mecanismos de autodefensa\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DF096B6-3A74-4214-B886-110127E4BAC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kaspersky_lab:kaspersky_internet_security:7.0_build125:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A13F7D6-1B34-41F1-A2DB-725F7D39063C\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/37990\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26887\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kaspersky.com/technews?id=203038706\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.rootkit.com/newsread.php?newsid=778\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/3259\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/37990\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26887\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.kaspersky.com/technews?id=203038706\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.rootkit.com/newsread.php?newsid=778\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/3259\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.