CVE

Id
28397  
CVE No.
CVE-2007-5040  
Status
Candidate  
Description
Ghost Security Suite alpha 1.200 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtCreateThread, (3) NtDeleteValueKey, (4) NtQueryValueKey, (5) NtSetSystemInformation, and (6) NtSetValueKey kernel SSDT hooks.  
Phase
Assigned (20070923)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
295111 28397 CVE-2007-5040 BUGTRAQ:20070918 Plague in (security) software drivers & BSDOhook utility  View
295112 28397 CVE-2007-5040 URL:http://www.securityfocus.com/archive/1/archive/1/479830/100/0/threaded  View
295113 28397 CVE-2007-5040 MISC:http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php  View
295114 28397 CVE-2007-5040 MISC:http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php  View
295115 28397 CVE-2007-5040 SREASON:3161  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
53982 JVNDB-2007-002674 Outpost Firewall Pro におけるサービス運用妨害 (DoS) の脆弱性 Outpost Firewall Pro は、System Service Descriptor Table (SSDT) 関数ハンドラへの特定のパラメータを適切に検証しないため、サービス運用妨害 (クラッシュ) 状態となり、権限を取得される脆弱性が存在します。 CVE-2007-5042 28397 4.6 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-002674.html  View