Lucene search
MitreCVE-2006-6620HistoryDec 18, 2006 - 11:28 a.m.
CVE-2006-6620
2006-12-1811:28:00
mitre
web.nvd.nist.gov
24
comodo personal firewall
cve-2006-6620
process environment block
security vulnerability
spoofing
nvd
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.6
Confidence
Low
EPSS
0
Percentile
9.5%
Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product’s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
Affected configurations
Node
avgantivirus_plus_firewallMatch7.5.431
ORcomodocomodo_personal_firewallMatch2.3.6.81
ORfilseclabpersonal_firewallMatch3.0.8686
ORinfoprocessantihookMatch3.0.23
ORsoft4everlook_n_stopMatch2.05p2
ORsymantecsygate_personal_firewallMatch5.6.2808
| Vendor | Product | Version | CPE |
|---|---|---|---|
| avg | antivirus_plus_firewall | 7.5.431 | cpe:2.3:a:avg:antivirus_plus_firewall:7.5.431:*:*:*:*:*:*:* |
| comodo | comodo_personal_firewall | 2.3.6.81 | cpe:2.3:a:comodo:comodo_personal_firewall:2.3.6.81:*:*:*:*:*:*:* |
| filseclab | personal_firewall | 3.0.8686 | cpe:2.3:a:filseclab:personal_firewall:3.0.8686:*:*:*:*:*:*:* |
| infoprocess | antihook | 3.0.23 | cpe:2.3:a:infoprocess:antihook:3.0.23:*:*:*:*:*:*:* |
| soft4ever | look_n_stop | 2.05p2 | cpe:2.3:a:soft4ever:look_n_stop:2.05p2:*:*:*:*:*:*:* |
| symantec | sygate_personal_firewall | 5.6.2808 | cpe:2.3:a:symantec:sygate_personal_firewall:5.6.2808:*:*:*:*:*:*:* |
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.6
Confidence
Low
EPSS
0
Percentile
9.5%
Related for CVE-2006-6620