CVE

Id
24066  
CVE No.
CVE-2007-0709  
Status
Candidate  
Description
cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.16.174 and earlier does not validate arguments that originate in user mode for the (1) NtCreateSection, (2) NtOpenProcess, (3) NtOpenSection, (4) NtOpenThread, and (5) NtSetValueKey hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.  
Phase
Assigned (20070203)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
234630 24066 CVE-2007-0709 BUGTRAQ:20070201 Comodo Multiple insufficient argument validation of hooked SSDT function Vulnerability  View
234631 24066 CVE-2007-0709 URL:http://www.securityfocus.com/archive/1/archive/1/458773/100/0/threaded  View
234632 24066 CVE-2007-0709 MISC:http://www.matousec.com/info/advisories/Comodo-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php  View
234633 24066 CVE-2007-0709 BID:22357  View
234634 24066 CVE-2007-0709 URL:http://www.securityfocus.com/bid/22357  View
234635 24066 CVE-2007-0709 SECTRACK:1017580  View
234636 24066 CVE-2007-0709 URL:http://securitytracker.com/id?1017580  View
234637 24066 CVE-2007-0709 XF:comodofirewallpro-cmdmon-dos(32059)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
51529 JVNDB-2007-000191 Apple QuickTime の不正な 3GP ファイルによる整数オーバーフローの脆弱性 Windows プラットフォーム上で動作する Apple QuickTime には、不正な 3GP ビデオファイルを処理した際に整数オーバーフローが発生する脆弱性が存在します。 CVE-2007-0711 24066 7.6 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000191.html  View