Code injection

2007-09-1901:17:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

ProSecurity 1.40 Beta 2 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for Windows Native API functions including (1) NtCreateKey, (2) NtDeleteFile, (3) NtLoadDriver, (4) NtOpenSection, and (5) NtSetSystemTime.

CPENameOperatorVersion
prosecurityeq1.40.0-beta2

CPE	Name	Operator	Version
	prosecurity	eq	1.40.0-beta2

References

osvdb.org/45956

www.matousec.com/info/advisories/plague-in-security-software-drivers.php

www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php

www.securityfocus.com/archive/1/479830/100/0/threaded

www.securityfocus.com/bid/25718