Lucene search

[email protected]CVE-2007-0709

HistoryFeb 04, 2007 - 12:28 a.m.

CVE-2007-0709

2007-02-0400:28:00

[email protected]

web.nvd.nist.gov

cve-2007-0709

cmdmon.sys

comodo firewall pro

denial of service

privilege escalation

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.16.174 and earlier does not validate arguments that originate in user mode for the (1) NtCreateSection, (2) NtOpenProcess, (3) NtOpenSection, (4) NtOpenThread, and (5) NtSetValueKey hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.

Affected configurations

NVD

Node

comodocomodo_firewall_proRange≤2.4.16.174

CPENameOperatorVersion
comodo:comodo_firewall_procomodo comodo firewall prole2.4.16.174

CPE	Name	Operator	Version
comodo:comodo_firewall_pro	comodo comodo firewall pro	le	2.4.16.174

References

securitytracker.com/id?1017580

www.matousec.com/info/advisories/Comodo-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php

www.securityfocus.com/archive/1/458773/100/0/threaded

www.securityfocus.com/bid/22357

exchange.xforce.ibmcloud.com/vulnerabilities/32059

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2007-0709

nvd2 prion2 cvelist2 cve1 securityvulns1