4.9
CVE-2006-7160
- EPSS 0.36%
- Veröffentlicht 07.03.2007 20:19:00
- Zuletzt bearbeitet 16.06.2026 22:34:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Agnitum ≫ Outpost Firewall Editionpro Version <= 4.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.273 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 3.9 | 6.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/22913
http://securityreason.com/securityalert/2376
http://www.matousec.com/info/advisories/Outpost-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php
http://www.securityfocus.com/archive/1/451672/100/0/threaded
http://www.securityfocus.com/bid/21097
http://www.vupen.com/english/advisories/2006/4537
https://exchange.xforce.ibmcloud.com/vulnerabilities/30312