CVE

Id
28398  
CVE No.
CVE-2007-5041  
Status
Candidate  
Description
G DATA InternetSecurity 2007 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey and (2) NtOpenProcess kernel SSDT hooks.  
Phase
Assigned (20070923)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
295116 28398 CVE-2007-5041 BUGTRAQ:20070918 Plague in (security) software drivers & BSDOhook utility  View
295117 28398 CVE-2007-5041 URL:http://www.securityfocus.com/archive/1/archive/1/479830/100/0/threaded  View
295118 28398 CVE-2007-5041 MISC:http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php  View
295119 28398 CVE-2007-5041 MISC:http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php  View
295120 28398 CVE-2007-5041 OSVDB:45896  View
295121 28398 CVE-2007-5041 URL:http://osvdb.org/45896  View
295122 28398 CVE-2007-5041 SREASON:3161  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
55734 JVNDB-2007-004426 Kaspersky Internet Security におけるサービス運用妨害 (DoS) の脆弱性 Kaspersky Internet Security は、System Service Descriptor Table (SSDT) 関数ハンドラへの特定のパラメータを適切に検証しないため、以下の脆弱性が存在します。 CVE-2007-5043 28398 4.4 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-004426.html  View