CVE-2016-4306 is a vulnerability in Kaspersky Total Security
Published on January 6, 2017
Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability.
Products Associated with CVE-2016-4306
Affected Versions
Kaspersky Total Security Version 16.0.0.614 is affected by CVE-2016-4306
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.