Lucene search

[email protected]CVE-2007-2729

HistoryMay 16, 2007 - 10:30 p.m.

CVE-2007-2729

2007-05-1622:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

comodo

firewall

pro

personal

nt kernel

api

vulnerability

nvd

cve-2007-2729

7.3 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.

CPENameOperatorVersion
comodo:comodo_personal_firewallcomodo comodo personal firewalleq2.3.6.81
comodo:comodo_firewall_procomodo comodo firewall proeq2.4.18.184

CPE	Name	Operator	Version
comodo:comodo_personal_firewall	comodo comodo personal firewall	eq	2.3.6.81
comodo:comodo_firewall_pro	comodo comodo firewall pro	eq	2.4.18.184

References

osvdb.org/37375

securityreason.com/securityalert/2714

www.matousec.com/info/advisories/Bypassing-PWF-HIPS-open-process-control-with-uncommon-identifier.php

www.securityfocus.com/archive/1/468643/100/0/threaded

7.3 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2007-2729

cvelist1 prion1