CVE-2016-4329

Published: Jan 6, 2017Modified: May 6, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism.

Affected (3)

Products: Kaspersky: Anti Virus, Internet Security, Total Security

3 products

Internet Security

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Kaspersky Anti Virus	Version 16.0.0.614
Kaspersky Internet Security	Version 16.0.0.614
Kaspersky Total Security	Version 16.0.0.614

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://www.securityfocus.com/bid/92771

Source: cret@cert.org

http://www.talosintelligence.com/reports/TALOS-2016-0175/

Source: cret@cert.org

ExploitTechnical DescriptionThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/92771/info

Source: nvd@nist.gov

Third Party AdvisoryVDB Entry

https://support.kaspersky.com/vulnerability.aspx?el=12430#010916

Source: nvd@nist.gov

Vendor Advisory

http://www.securityfocus.com/bid/92771

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.talosintelligence.com/reports/TALOS-2016-0175/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party AdvisoryVDB Entry

Timeline

No history available yet.