Lucene search

MitreCVE-2007-2729

HistoryMay 16, 2007 - 10:30 p.m.

CVE-2007-2729

2007-05-1622:30:00

mitre

web.nvd.nist.gov

comodo

firewall

pro

personal

nt kernel

api

vulnerability

nvd

cve-2007-2729

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

Percentile

5.1%

JSON

Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.

Affected configurations

Nvd

Node

comodocomodo_firewall_proMatch2.4.18.184

comodocomodo_personal_firewallMatch2.3.6.81

VendorProductVersionCPE
comodocomodo_firewall_pro2.4.18.184cpe:2.3:a:comodo:comodo_firewall_pro:2.4.18.184:*:*:*:*:*:*:*
comodocomodo_personal_firewall2.3.6.81cpe:2.3:a:comodo:comodo_personal_firewall:2.3.6.81:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
comodo	comodo_firewall_pro	2.4.18.184	cpe:2.3:a:comodo:comodo_firewall_pro:2.4.18.184:::::::*
comodo	comodo_personal_firewall	2.3.6.81	cpe:2.3:a:comodo:comodo_personal_firewall:2.3.6.81:::::::*

References

osvdb.org/37375

securityreason.com/securityalert/2714

www.matousec.com/info/advisories/Bypassing-PWF-HIPS-open-process-control-with-uncommon-identifier.php

www.securityfocus.com/archive/1/468643/100/0/threaded

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2007-2729