[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97559

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2010-5173

Date: (C)2012-08-25   (M)2015-12-16
 
CVSS Score: 6.2Access Vector: LOCAL
Exploitability Subscore: 1.9Access Complexity: HIGH
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











** DISPUTED ** Race condition in PC Tools Firewall Plus 6.0.0.88 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.

Reference:
http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html
BID-39924
OSVDB-67660
http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/
http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php
http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php
http://www.f-secure.com/weblog/archives/00001949.html
http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/

CPE    1
cpe:/a:pctools:pctools_firewall:6.0.0.88:-:plus
CWE    1
CWE-362

© 2013 SecPod Technologies