EUVD-2007-4951

Malware in sbrugna...

Code injection

BitDefender Antivirus 2008 20080118 and earlier allows local users to cause a denial of service system crash via an invalid pointer to the CLIENTID structure in a call to the NtOpenProcess hooked System Service Descriptor Table SSDT function...

CVE-2007-5047

Norton Internet Security 2008 15.0.0.60 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to cause a denial of service crash and possibly gain privileges via the NtOpenSection kernel SSDT hook. NOTE: the NtCreateMutan...

CVE-2007-5042

Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to cause a denial of service crash and possibly gain privileges via the 1 NtCreateKey, 2 NtDeleteFile, 3 NtLoadDriver, 4...

Information disclosure

Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to cause a denial of service crash and possibly gain privileges via the 1 NtCreateKey, 2 NtDeleteFile, 3 NtLoadDriver, 4...

Code injection

Kaspersky Internet Security 7.0.0.125 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to 1 cause a denial of service crash and possibly gain privileges via the NtCreateSection kernel SSDT hook or 2 cause a denial of...

Code injection

Norton Internet Security 2008 15.0.0.60 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to cause a denial of service crash and possibly gain privileges via the NtOpenSection kernel SSDT hook. NOTE: the NtCreateMutan...

CVE-2007-5040

Ghost Security Suite alpha 1.200 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to cause a denial of service crash and possibly gain privileges via the 1 NtCreateKey, 2 NtCreateThread, 3 NtDeleteValueKey, 4...

CVE-2007-5042

Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to cause a denial of service crash and possibly gain privileges via the 1 NtCreateKey, 2 NtDeleteFile, 3 NtLoadDriver, 4...

CVE-2007-4967

Online Armor Personal Firewall 2.0.1.215 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to cause a denial of service crash and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API...

CVE-2007-4969

Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to cause a denial of service crash and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including 1...

CVE-2007-4970

ProcessGuard 3.410 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to cause a denial of service crash and possibly gain privileges via kernel SSDT hooks for Windows Native API functions including 1 NtCreateFile, 2...

CVE-2007-4967

Online Armor Personal Firewall 2.0.1.215 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to cause a denial of service crash and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API...

CVE-2007-4969

Process Monitor 1.22 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to cause a denial of service crash and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including 1...

Kaspersky Multiple insufficient argument validation of hooked SSDT function Vulnerability

Hello, We would like to inform you about a vulnerability in Kaspersky Internet Security 6. Description: Kaspersky Internet Security hooks many functions in SSDT and in at least nine cases it fails to validate arguments that come from the user mode. User calls to NtCreateKey, NtCreateProcess,...

ZoneAlarm Vsdatant.SYS驱动本地拒绝服务漏洞

ZoneAlarm是一款流行的个人防火墙系统。 ZoneAlarm 'vsdatant.sys'驱动处理参数存在问题，本地攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 SSDT函数句柄执行在内核模式下执行，但他们的调用者执行在用户模式下，因此所有函数参数来自用户模式，所以必须严格验证这些参数，不正确使用这些函数可导致系统崩溃。 ZoneAlarm在SSDT中hook多个函数，其中至少有2个情况下缺少丢来自用户模式下的参数数据，由于Kerio驱动fwdrv.sys和khips.sys驱动的错误，用户调用不合法的NtCreateKey和NtDeleteFile参数值可导致系统崩溃。 Zon...

ZoneAlarm 6.1.744.0016.5.737.000 - Vsdatant.SYS Driver Local Denial of Service

ZoneAlarm 6.1.744.0016.5.737.000 - Vsdatant.SYS Driver Local Denial of Service // source: https://www.securityfocus.com/bid/23494/info ZoneAlarm is prone to a local denial-of-service vulnerability. This issue occurs when attackers supply invalid argument values to the 'vsdatant.sys' driver. A loc...

CVE-2007-1793

SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service crash or possibly execute arbitrary code via crafted arguments to the 1...

Comodo Firewall Pro privilege escalation

Insufficient filtering of hooked SSDT functions potentially allows code execution in system content...

[Full-disclosure] Comodo Multiple insufficient argument validation of hooked SSDT function Vulnerability

Hello, We would like to inform you about a vulnerability in Comodo Firewall Pro. Description: Comodo Firewall Pro former Comodo Personal Firewall hooks many functions in SSDT and in at least seven cases it fails to validate arguments that come from the user mode. User calls to NtConnectPort CFP...