Vulnerability CVE-2004-1658


Published: 2004-09-02   Modified: 2012-02-12

Description:
Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to \device\physicalmemory to restore the running kernel's SDT ServiceTable.

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Kerio -> Personal firewall 

 References:
http://xforce.iss.net/xforce/xfdb/17270
http://www.securityfocus.com/bid/11096
http://www.security.org.sg/vuln/kerio4016.html
http://secunia.com/advisories/12468/
http://marc.theaimsgroup.com/?l=bugtraq&m=109420310631039&w=2

Copyright 2024, cxsecurity.com

 

Back to Top