Plague in (security) software drivers & BSODhook utility

2007.09.24
Credit: Matousec
Risk: High
Local: Yes
Remote: Yes
CWE: N/A

Hello,

We have found a number of vulnerabilities in implementations of SSDT hooks in many different products.

Vulnerable software:

* BlackICE PC Protection 3.6.cqn
* G DATA InternetSecurity 2007
* Ghost Security Suite beta 1.110 and alpha 1.200
* Kaspersky Internet Security 7.0.0.125
* Norton Internet Security 2008 15.0.0.60
* Online Armor Personal Firewall 2.0.1.215
* Outpost Firewall Pro 4.0.1025.7828
* Privatefirewall 5.0.14.2
* Process Monitor 1.22
* ProcessGuard 3.410
* ProSecurity 1.40 Beta 2
* RegMon 7.04
* ZoneAlarm Pro 7.0.362.000
* probably other versions of the above-mentioned software
* possibly many other software products that implement SSDT hooks

Not vulnerable software:

* Comodo Personal Firewall 2.4.18.184
* Daemon Tools Lite 4.10 X86
* Sunbelt Personal Firewall 4.5.916.0

More details and the BSODhook utility that allows everyone to find similar vulnerabilities easily are available here:

Advisory: http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php

Article: http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php

Regards,

--
Matousec - Transparent security Research
http://www.matousec.com/

