Lucene search

MitreCVE-2007-0708

HistoryFeb 04, 2007 - 12:28 a.m.

CVE-2007-0708

2007-02-0400:28:00

mitre

web.nvd.nist.gov

cve-2007-0708

comodo firewall pro

cmdmon.sys

ntconnectport

ntcreateport

denial of service

system crash

privilege escalation

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

High

EPSS

Percentile

9.7%

JSON

cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.

Affected configurations

Nvd

Node

comodocomodo_firewall_proMatch2.4.16.174

VendorProductVersionCPE
comodocomodo_firewall_pro2.4.16.174cpe:2.3:a:comodo:comodo_firewall_pro:2.4.16.174:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
comodo	comodo_firewall_pro	2.4.16.174	cpe:2.3:a:comodo:comodo_firewall_pro:2.4.16.174:::::::*

References

securitytracker.com/id?1017580

www.matousec.com/info/advisories/Comodo-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php

www.securityfocus.com/archive/1/458773/100/0/threaded

www.securityfocus.com/bid/22357

exchange.xforce.ibmcloud.com/vulnerabilities/32059

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

High

EPSS

Percentile

9.7%

JSON

Related for CVE-2007-0708