The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Norton Internet Security, Outpost, ZoneAlarm: corruption via SSDT hooking

Synthesis of the vulnerability 

A local attacker can cause a denial of service or corrupt the memory of software that implements SSDT hooking incorrectly.
Vulnerable software: Outpost Firewall, ZoneAlarm, Norton Internet Security.
Severity of this bulletin: 1/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 19/09/2007.
References for this vulnerability: CVE-2007-5042, CVE-2007-5044, CVE-2007-5047, VIGILANCE-VUL-7177.

Description of the vulnerability 

The SSDT (System Service Descriptor Table) contains references to system calls:
 - NtCreateKey : create a key in registry
 - NtCreateThread : create a thread
 - NtDeleteFile : delete a file
 - etc.

Security software hooks entries in this table so that they point to its own functions. However, these functions do not correctly check their parameters. A local attacker can thus pass malicious attributes to a hooked system call in order to generate an error.

This vulnerability leads to a denial of service, and possibly to code execution.
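The parameter checks a hook handler needs are sketched below as an added example; it is not code from this bulletin or from any of the listed products. It is a user-mode model, not driver code: the service table, the `attrs_t` structure, the status values and the policy rule are all hypothetical stand-ins.

```c
/* User-mode model of an SSDT-style hook. All names here are hypothetical. */
#include <stddef.h>
#include <string.h>

#define STATUS_OK            0
#define STATUS_DENIED        (-1)
#define STATUS_INVALID_PARAM (-2)
#define MAX_NAME_BYTES       512u

/* Simplified stand-in for the attributes a caller passes to a service. */
typedef struct { size_t length; const char *name; size_t name_len; } attrs_t;
typedef int (*service_fn)(const attrs_t *);
enum { SVC_CREATE_KEY, SVC_COUNT };
static int real_create_key(const attrs_t *a) { (void)a; return STATUS_OK; }
static service_fn service_table[SVC_COUNT] = { real_create_key };
static service_fn saved_create_key;

/* Hook handler: every caller-controlled field is checked before use. */
static int hooked_create_key(const attrs_t *user)
{
    attrs_t a;
    char name[MAX_NAME_BYTES + 1];
    /* A real driver needs ProbeForRead inside __try/__except here: any
       bad user address faults in kernel mode, not only NULL. */
    if (user == NULL) return STATUS_INVALID_PARAM;
    a = *user;  /* capture once, so checks and uses see the same values */
    if (a.length != sizeof(attrs_t)) return STATUS_INVALID_PARAM;
    if (a.name == NULL || a.name_len == 0 || a.name_len > MAX_NAME_BYTES)
        return STATUS_INVALID_PARAM;
    memcpy(name, a.name, a.name_len);
    name[a.name_len] = '\0';
    /* Constructed policy: refuse keys whose path contains "Protected". */
    if (strstr(name, "Protected") != NULL) return STATUS_DENIED;
    a.name = name;
    return saved_create_key(&a);  /* forward the captured copy */
}

static void install_hook(void)
{
    saved_create_key = service_table[SVC_CREATE_KEY];
    service_table[SVC_CREATE_KEY] = hooked_create_key;
}
static int call_service(int idx, const attrs_t *a) { return service_table[idx](a); }

int main(void)
{
    attrs_t bad = { sizeof(attrs_t), NULL, 4 };  /* constructed malformed input */
    install_hook();
    return call_service(SVC_CREATE_KEY, &bad) == STATUS_INVALID_PARAM ? 0 : 1;
}
```

A handler that skips these checks and dereferences `user->name` directly fails on the malformed input; in a kernel driver that failure is a system crash or memory corruption instead of an error return.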

The following software has been identified as vulnerable:
 - BlackICE PC Protection 3.6.cqn
 - G DATA InternetSecurity 2007
 - Ghost Security Suite beta 1.110 and alpha 1.200
 - Kaspersky Internet Security 7.0.0.125
 - Norton Internet Security 2008 15.0.0.60
 - Online Armor Personal Firewall 2.0.1.215
 - Outpost Firewall Pro 4.0.1025.7828
 - Privatefirewall 5.0.14.2
 - Process Monitor 1.22
 - ProcessGuard 3.410
 - ProSecurity 1.40 Beta 2
 - RegMon 7.04
 - ZoneAlarm Pro 7.0.362.000

These vulnerabilities are different from VIGILANCE-VUL-6271, VIGILANCE-VUL-6704 and VIGILANCE-VUL-6742.

This bulletin affects software or systems such as Outpost Firewall, ZoneAlarm, Norton Internet Security.

Our Vigil@nce team determined that the severity of this computer vulnerability is low.

The trust level is "confirmed by a trusted third party", and the attack origin is "user shell".

This bulletin is about 3 vulnerabilities.

An attacker with expert ability can exploit this vulnerability.
