2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.4%
Vulnerability was found in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver in Kaspersky products. By exploiting this vulnerability malicious users can cause an access violation and a denial of service as a result. This vulnerability can be exploited locally via a specialy designed IOCTL signal.
Technical details
Vulnerability can be exploited only in case machine already contains a malicious program.
CVE-2016-4307 warning
Install all updates for the products
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.4%