Vulnerability Details CVE-2007-4968
Privatefirewall 5.0.14.2 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via kernel SSDT hooks for (1) NtOpenProcess and (2) NtOpenThread.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.5%
CVSS Severity
CVSS v2 Score 4.4
References
- http://osvdb.org/45952
- http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php
- http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php
- http://www.securityfocus.com/archive/1/479830/100/0/threaded
- http://www.securityfocus.com/bid/25712
- http://osvdb.org/45952
- http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php
- http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php
- http://www.securityfocus.com/archive/1/479830/100/0/threaded
- http://www.securityfocus.com/bid/25712
Products affected by CVE-2007-4968
-
cpe:2.3:a:privacyware:privatefirewall:5.0.14.2