13 matches found
KHOBE - 8.0 earthquake for Windows desktop security software
Hello, We have found a number of vulnerabilities in implementations of kernel hooks in many different security products. The argument-switch attack or KHOBE attack affects user mode and kernel mode hooks that are used to implement security features. The hook may be vulnerable if it performs securit...
Rising AntiVirus 2008/2009/2010 Local Privilege Escalation Exploit-vulnerability warning-the black bar safety net
Affected version: Rising AntiVirus 2008/2009/2010. Vulnerability description: RsNtGdi.sys does not verify the Irp->UserBuffer address. The virus code will restore all of the kernel SSDT hook include "stdafx.h" include "windows.h" enum SystemModuleInformation = 11; typedef struct ULONG Unknown1; ULONG...
Kill IceSword-vulnerability warning-the black bar safety net
Posted By Inking This article is a study of the Rootkit... and the SSDT Hook magical-against ring0 inline hook after the results. According to the SSDT Hook magical-against ring0 inline hook said, IceSword inline Hook the NtOpenProcess function, but when I wrote out the code when how also unable ...
Kill KV 2008, Rising, etc. most of the mollusc-vulnerability warning-the black bar safety net
Article author: sudami. Information source: evil octal information security team (www.eviloctal.com). Original source: http://hi.baidu.com/sudami/blog/item/a0f114dac68fe3dfb6fd481a.html Preface: Writing this article is not to spread the virus technology, but for the majority of compute...
Code injection
CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments...
Buffer overflow
Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module...
CVE-2008-0365
Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module...
CVE-2008-0365
Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module...
CVE-2008-0366
CVE-2008-0366 affects CORE FORCE prior to 0.95.172. The vulnerability lies in the Registry module SSDT hook handlers where input arguments are not properly validated, enabling a local unprivileged user to trigger a denial of service (system crash) and potentially execute arbitrary code in kernel ...
CVE-2008-0366
CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments...
Analysis of ring3 under the confrontation 08 rising active Defense-vulnerability warning-the black bar safety net
Note: the article has been published in 2007 years 12 the hack Defense action, after by the original author to submit to the evil octal information security team, the reprint please indicate the original source. I actually for rising antivirus the impression has been is good, to consume...
Bypassing PFW/HIPS open process control with uncommon identifier
Hello, We would like to inform you about a vulnerability in personal firewalls and HIPS software. Description: Windows operating systems with NT kernel version 5.0 and higher i.e. Windows 2000, XP, 2003 use integer numbers divisible by four to identify processes. Internal implementation of system...
Breakthrough Proactive Defense registry monitoring review(updated)-vulnerability warning-the black bar safety net
The concept of proactive defense is now firmly established: many antivirus products, firewalls, and HIPS have a registry monitoring function that prevents startup items and IE-related key values from being modified, to guard against viruses, Trojans, malware and other malicious program...