Kaspersky Labs Anti-Virus IOCTL Local Privilege Escalation
High Nessus Plugin ID 23996
The remote Windows host contains an application that is prone to a local privilege escalation issue.
The version of Kaspersky Anti-Virus installed on the remote host allows a local attacker to execute arbitrary code with kernel privileges by passing a specially crafted Irp structure to an IOCTL handler used by the KLIN and KLICK device drivers. By leveraging this flaw, a local attacker may be able to gain complete control of the affected system.
Update the virus signatures after 10/12/2006 and restart the computer.