Lucene search

[email protected]CVE-2006-3787

HistoryJul 24, 2006 - 12:19 p.m.

CVE-2006-3787

2006-07-2412:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sunbelt kerio personal firewall

kpf4ss.exe

denial of service

cve-2006-3787

nvd

7.1 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

9.4%

JSON

kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread.

CPENameOperatorVersion
kerio:personal_firewallkerio personal firewallle4.3.246

CPE	Name	Operator	Version
kerio:personal_firewall	kerio personal firewall	le	4.3.246

References

secunia.com/advisories/21060

securityreason.com/securityalert/1260

www.matousec.com/info/advisories/Kerio-Terminating-kpf4ss-exe-using-internal-runtime-error.php

www.securityfocus.com/archive/1/440112/100/100/threaded

www.securityfocus.com/bid/18996

www.vupen.com/english/advisories/2006/2828

7.1 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

9.4%

JSON

Related for CVE-2006-3787

cvelist1