CVE

Id
47748  
CVE No.
CVE-2010-5164  
Status
Candidate  
Description
** DISPUTED ** Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.  
Phase
Assigned (20120825)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
519869 47748 CVE-2010-5164 BUGTRAQ:20100505 KHOBE - 8.0 earthquake for Windows desktop security software  View
519870 47748 CVE-2010-5164 URL:http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html  View
519871 47748 CVE-2010-5164 FULLDISC:20100505 KHOBE - 8.0 earthquake for Windows desktop security software  View
519872 47748 CVE-2010-5164 URL:http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html  View
519873 47748 CVE-2010-5164 MISC:http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/  View
519874 47748 CVE-2010-5164 MISC:http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php  View
519875 47748 CVE-2010-5164 MISC:http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php  View
519876 47748 CVE-2010-5164 MISC:http://www.f-secure.com/weblog/archives/00001949.html  View
519877 47748 CVE-2010-5164 MISC:http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/  View
519878 47748 CVE-2010-5164 BID:39924  View
519879 47748 CVE-2010-5164 URL:http://www.securityfocus.com/bid/39924  View
519880 47748 CVE-2010-5164 OSVDB:67660  View

Related JVN