KLV07-07.Klif.sys calling NtOpenProcess vulnerability漏洞近期修复

16000

An advisory has recently been published on rootkit.com regarding a vulnerability in KAV 7.0. Unfortunately, the authors of this material chose not to adhere to industry standard practice, and contact the vendor prior to disclosing vulnerability details. Although the authors claim that all attempts to inform Kaspersky Lab about this vulnerability were ignored, this is not the case: if we had been informed, this issue would have been addressed long ago.
The following products are vulnerable:

• Kaspersky Internet Security 6.0/7.0
• Kaspersky Anti-Virus 6.0/7.0
• Kaspersky Anti-Virus for Windows Workstations 6.0
• Kaspersky Anti-Virus 6.0 for Windows Servers

These products are vulnerable only when run on the following OSs:

• Windows NT
• Windows 2000
• Windows 2003 x86
• Windows XP x86

Products running on other Microsoft OS are not affected by this issue.
This vulnerability is classified as low risk because of its local nature: the user has to manually launch the exploit on his computer. Exploiting the vulnerability results in a critical system error (BSOD) but does not escalate privileges or provide a remote user with control over the computer.
A patch will be issued for this vulnerability in the very near future. The patch will install itself automatically. Additional information will be provided about patch release.


http://www.kaspersky.com/technews?id=203038695
E文不是很好，大概是说针对NT 2000 2003 64位系统的漏洞吧，6，7系列都会发生，近期会修复

E文专业词汇太多，强人来翻译吧

清风千秋雪

支持一下。

Redevil

大致意思是最近在 rootkit.com 上刊登了一篇文章指出了KAV7的一个漏洞，不过卡巴觉得， rootkit.com应该在第一时间与卡巴实验室联系，而不是只在自己的网站上公布这个消息。但是在此前提出漏洞的作者声称已经多次向卡巴反映过这个问题，都被卡巴给忽视了，卡巴认为这不是事实，如果他们被通知了，那一定会立刻把这个问题提上议事日程

以下版本的卡巴产品有这个漏洞:

• Kaspersky Internet Security 6.0/7.0
• Kaspersky Anti-Virus 6.0/7.0
• Kaspersky Anti-Virus for Windows Workstations 6.0
• Kaspersky Anti-Virus 6.0 for Windows Servers

这些卡巴的产品运行在以下这些操作系统会有漏洞:

• Windows NT
• Windows 2000
• Windows 2003 x86
• Windows XP x86

[ 本帖最后由 Redevil 于 2007-6-10 18:58 编辑 ]

mds

原来如此!感谢翻译!

star_xing

我用vista  

yahoo121

呵呵呵，谢谢提醒，也多谢版主翻译……

bookbin

补充下，kaspersky 把这个漏洞定义为低危险级别，因为只是计算机本地用户才能手动进行这个漏洞的操作，远程则无法控制。故从网络安全的角度说，此漏洞对用户的威胁不大。

小虎子

不错态度多好啊