SECURITYVULNS:DOC:18024
Sep 19, 2007 - 12:00 a.m.

Plague in (security) software drivers & BSODhook utility

Hello,

We have found a number of vulnerabilities in implementations of SSDT hooks in many different products.

Vulnerable software:

 * BlackICE PC Protection 3.6.cqn
 * G DATA InternetSecurity 2007
 * Ghost Security Suite beta 1.110 and alpha 1.200
 * Kaspersky Internet Security 7.0.0.125
 * Norton Internet Security 2008 15.0.0.60
 * Online Armor Personal Firewall 2.0.1.215
 * Outpost Firewall Pro 4.0.1025.7828
 * Privatefirewall 5.0.14.2
 * Process Monitor 1.22
 * ProcessGuard 3.410
 * ProSecurity 1.40 Beta 2
 * RegMon 7.04
 * ZoneAlarm Pro 7.0.362.000
 * probably other versions of the above-mentioned software
 * possibly many other software products that implement SSDT hooks

Not vulnerable software:

 * Comodo Personal Firewall 2.4.18.184
 * Daemon Tools Lite 4.10 X86
 * Sunbelt Personal Firewall 4.5.916.0

More details and the BSODhook utility that allows everyone to find similar vulnerabilities
easily are available here:

Advisory: http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php
Article: http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php

Regards,


Matousec - Transparent security Research
http://www.matousec.com/