CVE-2007-4970

Loading...

General

Score:4.4/10.0
Severity:Low
Category:Input Validation Error
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Local
Access Complexity:Medium
Authentication:None

Published on 19/09/07 - Updated on 15/11/08

Description

ProcessGuard 3.410 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for Windows Native API functions including (1) NtCreateFile, (2) NtCreateKey, (3) NtDeleteValueKey, (4) NtOpenFile, (5) NtOpenKey, and (6) NtSetValueKey.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2007-4970

Exploits

SecurityFocusBID-25714

Relative technologies

VendorProduct
diamondcsprocessguard

Share this vulnerability with:

Twitter Facebook LinkedIn Mail