Vulnerability CVE-2007-1051


Published: 2007-02-21   Modified: 2012-02-12

Description:
Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and earlier uses a weak cryptographic hashing function (CRC32) to identify trusted modules, which allows local users to bypass security protections by substituting modified modules that have the same CRC32 value.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Comodo DLL injection via weak hash function exploitation Vulnerability
Matousec
23.02.2007

Type:

CWE-Other

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Comodo -> Comodo firewall pro 

 References:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052461.html
http://securityreason.com/securityalert/2279
http://www.matousec.com/info/advisories/Comodo-DLL-injection-via-weak-hash-function-exploitation.php
http://www.securityfocus.com/archive/1/460209/100/100/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/32530

Copyright 2022, cxsecurity.com

 

Back to Top