CVE-2010-5167 | Date: (C)2012-08-25 (M)2018-02-19 |
** DISPUTED ** Race condition in Norman Security Suite PRO 8.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : | CVSS Score : 6.2 |
Exploit Score: | Exploit Score: 1.9 |
Impact Score: | Impact Score: 10.0 |
|
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: | Access Vector: LOCAL |
Attack Complexity: | Access Complexity: HIGH |
Privileges Required: | Authentication: NONE |
User Interaction: | Confidentiality: COMPLETE |
Scope: | Integrity: COMPLETE |
Confidentiality: | Availability: COMPLETE |
Integrity: | |
Availability: | |
| |