Vulnerability CVE-2010-5153


Published: 2012-08-25

Description:
** DISPUTED ** Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.

Type:

CWE-362

Vendor: Avira
Product: Premium security suite 
Version: 10.0.0.536;

CVSS2 => (AV:L/AC:H/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.2/10
10/10
1.9/10
Exploit range
Attack complexity
Authentication
Local
High
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/
http://www.securityfocus.com/bid/39924
http://www.osvdb.org/67660
http://www.f-secure.com/weblog/archives/00001949.html
http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php
http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php
http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html
http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html

Related CVE
CVE-2019-11396
An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder (files / folders and configuration) are incompatible with the privileged file manipulation performed by the product. Files can be crea...
CVE-2016-10402
Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow.
CVE-2015-7732
The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext.
CVE-2017-6417
Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and earlier) allows a local attacker to bypass a self-prot...
CVE-2015-7303
Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header.
CVE-2014-5576
The Avira Secure Backup (aka com.avira.avirabackup) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificat...
CVE-2012-1459
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Clam...
CVE-2012-1457
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsi...

Copyright 2019, cxsecurity.com

 

Back to Top