Lucene search

[email protected]CVE-2007-4970

HistorySep 19, 2007 - 1:17 a.m.

CVE-2007-4970

2007-09-1901:17:00

CWE-20

[email protected]

web.nvd.nist.gov

processguard

3.410

ssdt

parameter validation

denial of service

privilege escalation

ntcreatefile

ntcreatekey

ntdeletevaluekey

ntopenfile

ntopenkey

ntsetvaluekey

cve-2007-4970

nvd

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

ProcessGuard 3.410 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for Windows Native API functions including (1) NtCreateFile, (2) NtCreateKey, (3) NtDeleteValueKey, (4) NtOpenFile, (5) NtOpenKey, and (6) NtSetValueKey.

Affected configurations

NVD

Node

diamondcsprocessguardMatch3.410

CPENameOperatorVersion
diamondcs:processguarddiamondcs processguardeq3.410

CPE	Name	Operator	Version
diamondcs:processguard	diamondcs processguard	eq	3.410

References

osvdb.org/45954

www.matousec.com/info/advisories/plague-in-security-software-drivers.php

www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php

www.securityfocus.com/archive/1/479830/100/0/threaded

www.securityfocus.com/bid/25714

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2007-4970

prion1 cvelist1 nvd1