22 matches found
Outpost Firewall PRO 4.0 - Local Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20860/info Outpost Firewall PRO is prone to a local denial-of-service vulnerability because the application fails to properly handle unexpected input. Exploiting this issue allows local attackers to crash affected...
CVE-2007-5042
Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to cause a denial of service crash and possibly gain privileges via the 1 NtCreateKey, 2 NtDeleteFile, 3 NtLoadDriver, 4...
CVE-2007-5042
Outpost Firewall Pro 4.0.1025.7828 is affected by CVE-2007-5042, where the driver does not properly validate parameters to SSDT function handlers, enabling a local user to crash the system and potentially gain privileges via kernel SSDT hooks (NtCreateKey, NtDeleteFile, NtLoadDriver, NtOpenProces...
CVE-2006-7160
The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service crash via invalid arguments to the 1 NtAssignProcessToJobObject,, 2 NtCreateKey, 3 NtCreateThread, 4...
CVE-2006-7160
The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service crash via invalid arguments to the 1 NtAssignProcessToJobObject,, 2 NtCreateKey, 3 NtCreateThread, 4...
CVE-2006-7160
Summary: CVE-2006-7160 affects the Sandbox.sys driver in Outpost Firewall PRO 4.0 (and possibly earlier versions). It does not validate arguments to hooked SSDT functions, allowing a local attacker to cause a denial of service (crash) by passing invalid arguments to a set of SSDT handlers, includ...
Outpost Firewall PRO本地特权提升漏洞
Outpost Firewall PRO是一款防火墙应用程序。 Outpost Firewall PRO执行SSDT HOOKING操作存在问题,本地攻击者可以利用漏洞提升特权。 Outpost Firewall PRO保护自身文件并禁止其他应用程序操作。在安装目录中的文件和目录通过各种SSDT HOOK来保护,但是这种保护实现没有防止恶意程序调用API ZwSetInformationFile class...
Outpost Bypassing Self-Protection using file links Vulnerability
Hello, We would like to inform you about a vulnerability in Outpost Firewall PRO 4.0. Description: Outpost protects its files and forbids other applications to manipulate them. Files and directories in its installation directory are guarded by various SSDT hooks. However, the implementation of th...
Outpost Firewall PRO 4.0 - Local Privilege Escalation
Outpost Firewall PRO 4.0 - Local Privilege Escalation source: https://www.securityfocus.com/bid/22069/info Outpost Firewall PRO is prone to a local privilege-escalation vulnerability because it fails to perform adequate SSDT System Service Descriptor Table hooking on files in its installation...
Outpost Firewall PRO 4.0 - Local Privilege Escalation
source: https://www.securityfocus.com/bid/22069/info Outpost Firewall PRO is prone to a local privilege-escalation vulnerability because it fails to perform adequate SSDT System Service Descriptor Table hooking on files in its installation directory. A local attacker can exploit this issue to...
Outpost Firewall PRO安全绕过漏洞
Outpost Firewall PRO是一款桌面防火墙程序。 Outpost Firewall PRO处理DLL注入存在问题,远程攻击者可以利用漏洞绕过安全防护放置木马程序。 Outpost Firewall PRO虽然对普通的DLL注入进行防护,防止其他进程操作它自身服务进程,但是没有保护针对不依靠写入目标进程内存的技术,因此可导致使用恶意DLL感染services.exe并执行任意代码。 Agnitum Outpost Firewall PRO 4.0 目前没有解决方案提供: http://www.agnitum.com/products/outpost/...
Outpost Multiple insufficient argument validation of hooked SSDT function Vulnerability
Hello, We would like to inform you about a vulnerability in Outpost Firewall PRO 4.0. Description: Outpost Firewall PRO hooks many functions in SSDT and in at least twelve cases it fails to validate arguments that come from user mode. User calls to NtAssignProcessToJobObject, NtCreateKey,...
CVE-2006-5721
The CVE-2006-5721 entry concerns Outpost Firewall PRO 4.0, where the \Device\SandBox driver is affected. A local user can trigger a denial-of-service (system crash) by passing an invalid argument to DeviceIoControl, causing an invalid memory operation. The available documents do not specify a pat...
Outpost Insufficient validation of 'SandBox' driver input buffer
Hello, We would like to inform you about a vulnerability in Outpost Firewall PRO 4.0. Description: Outpost insufficiently protects its driver DeviceSandBox against a manipulation by malicious applications and it fails to validate its input buffer. It is possible to open this driver and send...
Outpost Firewall PRO 4.0 - Local Denial of Service
Outpost Firewall PRO 4.0 - Local Denial of Service source: https://www.securityfocus.com/bid/20860/info Outpost Firewall PRO is prone to a local denial-of-service vulnerability because the application fails to properly handle unexpected input. Exploiting this issue allows local attackers to crash...
Outpost Firewall PRO 4.0 - Local Denial of Service
source: https://www.securityfocus.com/bid/20860/info Outpost Firewall PRO is prone to a local denial-of-service vulnerability because the application fails to properly handle unexpected input. Exploiting this issue allows local attackers to crash affected computers, denying service to legitimate...
CVE-2006-3697
Agnitum Outpost Firewall Pro 3.51.759.6511 462, as used in 1 Lavasoft Personal Firewall 1.0.543.5722 433 and 2 Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain...
CVE-2006-3696
filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 462 allows local users to cause a denial of service crash via long arguments to mshta.exe...
CVE-2006-3696
filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 462 allows local users to cause a denial of service crash via long arguments to mshta.exe...
CVE-2006-3696
The CVE concerns filtnt.sys in Outpost Firewall Pro—prior to version 3.51.759.6511 (462)—where local users can trigger a denial of service (crash) by passing long arguments to mshta.exe. Impact is a local DoS with partial availability impact; exploitation is described as local with no authenticat...