CVE-2016-4306

Published: Jan 6, 2017Modified: May 6, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability.

Affected (1)

Products: Kaspersky: Total Security

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Kaspersky Total Security	Version 16.0.0.614

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (7)

http://www.securitytracker.com/id/1036702

Source: cret@cert.org

http://www.securitytracker.com/id/1036703

Source: cret@cert.org

http://www.talosintelligence.com/reports/TALOS-2016-0168/

Source: cret@cert.org

ExploitTechnical DescriptionThird Party AdvisoryVDB Entry

http://securitytracker.com/id/1036702

Source: nvd@nist.gov

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036702

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036703

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.talosintelligence.com/reports/TALOS-2016-0168/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party AdvisoryVDB Entry

Timeline

No history available yet.