BugTraq
Plague in (security) software drivers & BSODhook utility
Sep 18 2007 04:26PM
Matousec - Transparent security Research (research matousec com)
Hello,
We have found a number of vulnerabilities in implementations of SSDT hooks in many different products.
Vulnerable software:
* BlackICE PC Protection 3.6.cqn
* G DATA InternetSecurity 2007
* Ghost Security Suite beta 1.110 and alpha 1.200
* Kaspersky Internet Security 7.0.0.125
* Norton Internet Security 2008 15.0.0.60
* Online Armor Personal Firewall 2.0.1.215
* Outpost Firewall Pro 4.0.1025.7828
* Privatefirewall 5.0.14.2
* Process Monitor 1.22
* ProcessGuard 3.410
* ProSecurity 1.40 Beta 2
* RegMon 7.04
* ZoneAlarm Pro 7.0.362.000
* probably other versions of above mentioned software
* possibly many other software products that implement SSDT hooks
Not vulnerable software:
* Comodo Personal Firewall 2.4.18.184
* Daemon Tools Lite 4.10 X86
* Sunbelt Personal Firewall 4.5.916.0
More details and the BSODhook utility that allows everyone to find similar vulnerabilities
easily are available here:
Advisory: http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php
Article: http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php
Regards,
--
Matousec - Transparent security Research
http://www.matousec.com/
Copyright 2008, SecurityFocus