CVE-2016-4306

CVE Database · CVE-2016-4306

CVE-2016-4306

· N/AModified

CVSS v3.1

N/A

EPSS

0.66%

Published

Jan 6, 2017

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory addresses that may be useful in bypassing kernel mitigations. An unprivileged user can run a program from user-mode to trigger this vulnerability.

Weaknesses (CWE)

CWE-200

Affected Products (1)

kaspersky · total_securityvulnerable

References (7)

http://www.securitytracker.com/id/1036702

http://www.securitytracker.com/id/1036703

http://www.talosintelligence.com/reports/TALOS-2016-0168/

ExploitTechnical DescriptionThird Party Advisory

http://securitytracker.com/id/1036702

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036702

http://www.securitytracker.com/id/1036703

http://www.talosintelligence.com/reports/TALOS-2016-0168/

ExploitTechnical DescriptionThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs