exploitDog

CVE-2006-7160

Опубликовано: 07 мар. 2007

Источник: nvd

CVSS2: 4.9

EPSS Низкий

Описание

The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:agnitum:outpost_firewall:*:*:pro:*:*:*:*:*

Версия до 4.0 (включая)

EPSS

Процентиль: 20%

0.00064

Низкий

4.9 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-78pc-3w8m-h368

github

почти 4 года назад

The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions.

EPSS

Процентиль: 20%

0.00064

Низкий

4.9 Medium

CVSS2

Дефекты

CWE-20