ID

VAR-200701-0041


CVE

CVE-2007-0333


TITLE

Agnitum Outpost Firewall PRO Vulnerable to Trojan horse driver insertion into the product installation directory

Trust: 0.8

sources: JVNDB: JVNDB-2007-001401

DESCRIPTION

Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys. Outpost Firewall PRO is prone to a local privilege-escalation vulnerability because it fails to perform adequate SSDT (System Service Descriptor Table) hooking on files in its installation directory. A local attacker can exploit this issue to elevate their privileges, which can lead to the complete compromise of an affected computer. Outpost Firewall PRO 4.0 is vulnerable; other versions may also be affected. Outpost Firewall Pro is a compact network firewall whose features include advertisement and image filtering, content filtering, and DNS caching. Outpost uses various SSDT hooks to protect the files and directories in its installation directory, but this protection does not prevent malicious applications from calling the native API function ZwSetInformationFile with the FileLinkInformation class, which allows attackers to replace files that the system is not using at the time of the call. One such vulnerable file in the Outpost installation directory is SandBox.sys. An attacker can replace this driver with a fake copy, and the system will load the driver on the next reboot. Since the driver runs in privileged kernel mode, this can result in complete system control.

Trust: 1.98

sources: NVD: CVE-2007-0333 // JVNDB: JVNDB-2007-001401 // BID: 22069 // VULHUB: VHN-23695

AFFECTED PRODUCTS

vendor: agnitum, model: outpost firewall, scope: eq, version: 4.0

Trust: 1.6

vendor: agnitum, model: outpost firewall, scope: eq, version: pro 4.0

Trust: 0.8

vendor: agnitum, model: outpost firewall pro, scope: eq, version: 4.0(971.584.079)

Trust: 0.3

vendor: agnitum, model: outpost firewall pro, scope: eq, version: 4.0(964.582.059)

Trust: 0.3

vendor: agnitum, model: outpost firewall pro, scope: eq, version: 4.0(1005.590.123)

Trust: 0.3

vendor: agnitum, model: outpost firewall pro, scope: eq, version: 4.0

Trust: 0.3

sources: BID: 22069 // JVNDB: JVNDB-2007-001401 // CNNVD: CNNVD-200701-255 // NVD: CVE-2007-0333

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0333
value: HIGH

Trust: 1.0

NVD: CVE-2007-0333
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200701-255
value: HIGH

Trust: 0.6

VULHUB: VHN-23695
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-0333
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-23695
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-23695 // JVNDB: JVNDB-2007-001401 // CNNVD: CNNVD-200701-255 // NVD: CVE-2007-0333

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0333

THREAT TYPE

local

Trust: 0.9

sources: BID: 22069 // CNNVD: CNNVD-200701-255

TYPE

Design Error

Trust: 0.9

sources: BID: 22069 // CNNVD: CNNVD-200701-255

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001401

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-23695

PATCH

title: Top Page, url: http://www.agnitum.com/products/outpost/

Trust: 0.8

sources: JVNDB: JVNDB-2007-001401

EXTERNAL IDS

db: NVD, id: CVE-2007-0333

Trust: 2.5

db: BID, id: 22069

Trust: 2.0

db: SREASON, id: 2163

Trust: 1.7

db: OSVDB, id: 33480

Trust: 1.7

db: JVNDB, id: JVNDB-2007-001401

Trust: 0.8

db: CNNVD, id: CNNVD-200701-255

Trust: 0.7

db: BUGTRAQ, id: 20070115 OUTPOST BYPASSING SELF-PROTECTION USING FILE LINKS VULNERABILITY

Trust: 0.6

db: XF, id: 31529

Trust: 0.6

db: SEEBUG, id: SSVID-82968

Trust: 0.1

db: EXPLOIT-DB, id: 29465

Trust: 0.1

db: VULHUB, id: VHN-23695

Trust: 0.1

sources: VULHUB: VHN-23695 // BID: 22069 // JVNDB: JVNDB-2007-001401 // CNNVD: CNNVD-200701-255 // NVD: CVE-2007-0333

REFERENCES

url:http://www.matousec.com/info/advisories/outpost-bypassing-self-protection-using-file-links.php

Trust: 2.0

url:http://www.securityfocus.com/bid/22069

Trust: 1.7

url:http://osvdb.org/33480

Trust: 1.7

url:http://securityreason.com/securityalert/2163

Trust: 1.7

url:http://www.securityfocus.com/archive/1/456973/100/0/threaded

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/31529

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0333

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0333

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/456973/100/0/threaded

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/31529

Trust: 0.6

url:http://www.agnitum.com/products/outpost/

Trust: 0.3

sources: VULHUB: VHN-23695 // BID: 22069 // JVNDB: JVNDB-2007-001401 // CNNVD: CNNVD-200701-255 // NVD: CVE-2007-0333

CREDITS

Matousec http://www.matousec.com/

Trust: 0.6

sources: CNNVD: CNNVD-200701-255

SOURCES

db: VULHUB, id: VHN-23695
db: BID, id: 22069
db: JVNDB, id: JVNDB-2007-001401
db: CNNVD, id: CNNVD-200701-255
db: NVD, id: CVE-2007-0333

LAST UPDATE DATE

2025-04-10T23:11:44.558000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-23695, date: 2018-10-16T00:00:00
db: BID, id: 22069, date: 2007-01-16T20:20:00
db: JVNDB, id: JVNDB-2007-001401, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200701-255, date: 2007-01-19T00:00:00
db: NVD, id: CVE-2007-0333, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-23695, date: 2007-01-18T00:00:00
db: BID, id: 22069, date: 2007-01-15T00:00:00
db: JVNDB, id: JVNDB-2007-001401, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200701-255, date: 2007-01-17T00:00:00
db: NVD, id: CVE-2007-0333, date: 2007-01-18T02:28:00