Lucene search

MitreVULNRICHMENT:CVE-2010-5175

HistoryAug 25, 2012 - 9:00 p.m.

CVE-2010-5175

2012-08-2521:00:00

mitre

github.com

race condition

privatefirewall 7.0.20.37

windows xp

kernel-mode

hook handlers

user-space memory

argument-switch attack

khobe attack

disputed issue

protection mechanism

AI Score

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Race condition in PrivateFirewall 7.0.20.37 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:pwicorp:privatefirewall:7.0.20.37:*:*:*:*:*:*:*"
    ],
    "vendor": "pwicorp",
    "product": "privatefirewall",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.20.37"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

archives.neohapsis.com/archives/bugtraq/2010-05/0026.html

archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html

countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/

matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php

matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

www.f-secure.com/weblog/archives/00001949.html

www.osvdb.org/67660

www.securityfocus.com/bid/39924

www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/