Lucene search

[email protected]CVE-2006-6619

HistoryDec 18, 2006 - 11:28 a.m.

CVE-2006-6619

2006-12-1811:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

avg

anti-virus

firewall

vulnerability

process identification

cve-2006-6619

nvd

7 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product’s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.

CPENameOperatorVersion
soft4ever:look_n_stopsoft4ever look n stopeq2.05p2
avg:antivirus_plus_firewallavg antivirus plus firewalleq7.5.431
comodo:comodo_personal_firewallcomodo comodo personal firewalleq2.3.6.81
infoprocess:antihookinfoprocess antihookeq3.0.23
symantec:sygate_personal_firewallsymantec sygate personal firewalleq5.6.2808
filseclab:personal_firewallfilseclab personal firewalleq3.0.8686

CPE	Name	Operator	Version
soft4ever:look_n_stop	soft4ever look n stop	eq	2.05p2
avg:antivirus_plus_firewall	avg antivirus plus firewall	eq	7.5.431
comodo:comodo_personal_firewall	comodo comodo personal firewall	eq	2.3.6.81
infoprocess:antihook	infoprocess antihook	eq	3.0.23
symantec:sygate_personal_firewall	symantec sygate personal firewall	eq	5.6.2808
filseclab:personal_firewall	filseclab personal firewall	eq	3.0.8686

References

www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip

www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php

www.securityfocus.com/archive/1/454522/100/0/threaded

www.securityfocus.com/bid/21615

7 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON