Vulnerability Name: | CVE-2007-0708 (CCN-32059) | ||||||||
Assigned: | 2007-02-01 | ||||||||
Published: | 2007-02-01 | ||||||||
Updated: | 2018-10-16 | ||||||||
Summary: | cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments. | ||||||||
CVSS v3 Severity: | 6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
| ||||||||
CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C) 5.5 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UC)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:U/RC:UC)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Denial of Service | ||||||||
References: | Source: CCN Type: Full-Disclosure Mailing List, Thu Feb 01 2007 - 05:40:39 CST Comodo Multiple insufficient argument validation of hooked SSDT function Vulnerability Source: MITRE Type: CNA CVE-2007-0708 Source: MITRE Type: CNA CVE-2007-0709 Source: CCN Type: SECTRACK ID: 1017580 Comodo Firewall Pro `cmdmon.sys` Driver Lets Local Users Deny Service and Potentially Gain Elevated Privileges Source: SECTRACK Type: UNKNOWN 1017580 Source: CCN Type: Matousec Transparent Security Advisory 2007-02-01.01 Comodo Multiple insufficient argument validation of hooked SSDT function Vulnerability Source: MISC Type: UNKNOWN http://www.matousec.com/info/advisories/Comodo-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php Source: CCN Type: OSVDB ID: 33632 Comodo Firewall Pro cmdmon.sys Multiple Hooked SSDT Functions Local DoS Source: CCN Type: OSVDB ID: 44928 Comodo Firewall Pro Multiple Hooked SSDT Functions Local DoS Source: CCN Type: Comodo Firewall Pro Web site Firewall Free Firewall Protection Best Firewall Test Firewall Software Network Security Internet Attacks Computer Personal Firewall Source: CCN Type: Comodo Firewall Pro Web site (download and support) ree Firewall Protection Software Best Firewall Computer Security Free Personal Firewall Source: BUGTRAQ Type: UNKNOWN 20070201 Comodo Multiple insufficient argument validation of hooked SSDT function Vulnerability Source: BID Type: UNKNOWN 22357 Source: CCN Type: BID-22357 Comodo Firewall CMDMon.SYS Multiple Denial of Service Vulnerabilities Source: XF Type: UNKNOWN comodofirewallpro-cmdmon-dos(32059) Source: XF Type: UNKNOWN comodofirewallpro-cmdmon-dos(32059) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |