Vulnerability Name:

CVE-2007-2965 (CCN-34579)

Assigned:2007-05-29
Published:2007-05-29
Updated:2017-07-29
Summary:Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space."
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2007-2965

Source: OSVDB
Type: UNKNOWN
36727

Source: CCN
Type: SA25439
F-Secure Anti-Virus Real-Time Scanning Component Privilege Escalation

Source: SECUNIA
Type: Patch, Vendor Advisory
25439

Source: CCN
Type: SECTRACK ID: 1018146
F-Secure Internet Security Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges

Source: CCN
Type: SECTRACK ID: 1018148
F-Secure Anti-Virus Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges

Source: CCN
Type: F-Secure Security Bulletin FSC-2007-2
IOCTL vulnerability in Real-time Scanning component of F-Secure workstation and file server products for Windows

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.f-secure.com/security/fsc-2007-2.shtml

Source: CCN
Type: OSVDB ID: 36727
F-Secure Multiple Products Real-time Scanning Component Crafted IRP Packet Local Privilege Escalation

Source: CCN
Type: BID-24237
F-Secure Multiple Products Real-time Scanning Component Local Privilege Escalation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018146

Source: SECTRACK
Type: UNKNOWN
1018148

Source: VUPEN
Type: UNKNOWN
ADV-2007-1985

Source: XF
Type: UNKNOWN
fsecure-realtime-privilege-escalation(34579)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:f-secure:f-secure_anti-virus:*:*:linux_gateways:*:*:*:*:* (Version <= 4.65)
  • OR cpe:/a:f-secure:f-secure_anti-virus:*:*:linux_servers:*:*:*:*:* (Version <= 4.65)
  • OR cpe:/a:f-secure:f-secure_anti-virus:*:*:windows_servers:*:*:*:*:* (Version <= 5.42)
  • OR cpe:/a:f-secure:f-secure_anti-virus:*:*:workstations:*:*:*:*:* (Version <= 5.44)
  • OR cpe:/a:f-secure:f-secure_anti-virus:*:*:citrix_servers:*:*:*:*:* (Version <= 5.52)
  • OR cpe:/a:f-secure:f-secure_anti-virus:*:*:mimesweeper:*:*:*:*:* (Version <= 5.61)
  • OR cpe:/a:f-secure:f-secure_anti-virus:*:*:ms_exchange:*:*:*:*:* (Version <= 6.40)
  • OR cpe:/a:f-secure:f-secure_anti-virus:2005:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus:2007:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_anti-virus_client_security:*:*:*:*:*:*:*:* (Version <= 6.03)
  • OR cpe:/a:f-secure:f-secure_anti-virus_linux_client_security:*:*:*:*:*:*:*:* (Version <= 5.30)
  • OR cpe:/a:f-secure:f-secure_anti-virus_linux_server_security:*:*:*:*:*:*:*:* (Version <= 5.30)
  • OR cpe:/a:f-secure:f-secure_internet_security:2005:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_internet_security:2007:*:*:*:*:*:*:*
  • OR cpe:/a:f-secure:f-secure_protection_service:*:*:consumers:*:*:*:*:* (Version <= 6.40)
  • OR cpe:/a:f-secure:internet_gatekeeper:*:*:linux:*:*:*:*:* (Version <= 2.16)
  • OR cpe:/a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:* (Version <= 6.60)

Configuration CCN 1:
  • cpe:/a:f-secure:f-secure_anti-virus:5.52::windows_servers:*:*:*:*:*

  * Denotes that component is vulnerable
    f-secure f-secure anti-virus *
    f-secure f-secure anti-virus *
    f-secure f-secure anti-virus *
    f-secure f-secure anti-virus *
    f-secure f-secure anti-virus *
    f-secure f-secure anti-virus *
    f-secure f-secure anti-virus *
    f-secure f-secure anti-virus 2005
    f-secure f-secure anti-virus 2006
    f-secure f-secure anti-virus 2007
    f-secure f-secure anti-virus client security *
    f-secure f-secure anti-virus linux client security *
    f-secure f-secure anti-virus linux server security *
    f-secure f-secure internet security 2005
    f-secure f-secure internet security 2006
    f-secure f-secure internet security 2007
    f-secure f-secure protection service *
    f-secure internet gatekeeper *
    f-secure internet gatekeeper *
    f-secure f-secure anti-virus 5.52