header-logo
Suggest Exploit
vendor:
CORE FORCE Firewall and Registry modules
by:
SecurityFocus
7.2
CVSS
HIGH
Local Kernel Buffer-Overflow
119
CWE
Product Name: CORE FORCE Firewall and Registry modules
Affected Version From: 0.95.167
Affected Version To: 0.95.167
Patch Exists: YES
Related CWE: N/A
CPE: a:core_force:core_force_firewall_and_registry_modules
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

CORE FORCE Firewall and Registry modules Local Kernel Buffer-Overflow Vulnerabilities

CORE FORCE Firewall and Registry modules are prone to multiple local kernel buffer-overflow vulnerabilities because the software fails to adequately verify user-supplied input. Local attackers can exploit these issues to cause denial-of-service conditions. Attackers may also be able to escalate privileges and execute arbitrary code, but this has not been confirmed. All the vulnerabilities can be reproduced by running a combination of DC2 and BSODHook tools. Step by step instructions: Get DC2.exe (Driver Path Verifier) from the latest Windows Driver Kit. Login as unprivileged user. Run 'dc2 /hct /a'. Get BSODHook.exe from Matousec http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php Click on 'Load Driver' then click on 'Find SSDT hooks' then 'Add to probe list' and then 'GO'. BSODHook will crash the system.

Mitigation:

Upgrade to the latest version of CORE FORCE Firewall and Registry modules.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/27341/info

CORE FORCE Firewall and Registry modules are prone to multiple local kernel buffer-overflow vulnerabilities because the software fails to adequately verify user-supplied input.

Local attackers can exploit these issues to cause denial-of-service conditions. Attackers may also be able to escalate privileges and execute arbitrary code, but this has not been confirmed.

These issues affect versions up to and including CORE FORCE 0.95.167.

All the vulnerabilities can be reproduced by running a combination of
DC2 and BSODHook tools.

Step by step instructions:

- Get DC2.exe (Driver Path Verifier) from the latest Windows Driver Kit.

- Login as unprivileged user.

- Run "dc2 /hct /a".

- Get BSODHook.exe from Matousec 
http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php

- Click on "Load Driver" then click on "Find SSDT hooks" then "Add to
probe list" and then "GO".

Navigation

Suggest Exploit

Services By CQR