Sunbelt Kerio Personal Firewall Denial-of-Service Vulnerability

vendor:

Kerio Personal Firewall

by:

SecurityFocus

7.5

CVSS

HIGH

Denial-of-Service

400

CWE

Product Name: Kerio Personal Firewall

Affected Version From: 4.3.0246

Affected Version To: 4.2.3.912

Patch Exists: YES

Related CWE: N/A

CPE: a:sunbelt_software:kerio_personal_firewall

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2008

Sunbelt Kerio Personal Firewall Denial-of-Service Vulnerability

Sunbelt Kerio Personal Firewall is prone to a denial-of-service vulnerability. This issue can occur when a program calls the 'CreateRemoteThread' Windows API call. Exploitation of this vulnerability could cause the firewall application to crash, potentially exposing the computer to further attacks.

Mitigation:

Ensure that the latest version of Sunbelt Kerio Personal Firewall is installed and running on the system.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/18996/info

Sunbelt Kerio Personal Firewall is prone to a denial-of-service vulnerability. This issue can occur when a program calls the 'CreateRemoteThread' Windows API call.

Exploitation of this vulnerability could cause the firewall application to crash. This could expose the computer to further attacks.

The individual who discovered this vulnerability claims to have tested it on Sunbelt Kerio Personal Firewall versions 4.3.246 and 4.2.3.912. They were unable to reproduce the vulnerability on version 4.2.3.912, which is an older release. The vulnerable functionality may have been introduced at some point after the 4.2.3.912 release, but this has not been confirmed.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/28228.zip