Sign-up

ID

VAR-200702-0515


CVE

CVE-2007-1051


TITLE

Comodo Firewall Pro Vulnerabilities that prevent security protection

Trust: 0.8

sources: JVNDB: JVNDB-2007-001595

DESCRIPTION

Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and earlier uses a weak cryptographic hashing function (CRC32) to identify trusted modules, which allows local users to bypass security protections by substituting modified modules that have the same CRC32 value. Comodo Firewall Pro is prone to a local security vulnerability

Trust: 1.98

sources: NVD: CVE-2007-1051 // JVNDB: JVNDB-2007-001595 // BID: 86612 // VULHUB: VHN-24413

AFFECTED PRODUCTS

vendor:comodomodel:firewall proscope:lteversion:2.4.17.183

Trust: 1.8

vendor:comodomodel:firewall proscope:eqversion:2.4.17.183

Trust: 0.9

sources: BID: 86612 // JVNDB: JVNDB-2007-001595 // CNNVD: CNNVD-200702-362 // NVD: CVE-2007-1051

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-1051
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-1051
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200702-362
value: MEDIUM

Trust: 0.6

VULHUB: VHN-24413
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-1051
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-24413
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-24413 // JVNDB: JVNDB-2007-001595 // CNNVD: CNNVD-200702-362 // NVD: CVE-2007-1051

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1051

THREAT TYPE

local

Trust: 0.9

sources: BID: 86612 // CNNVD: CNNVD-200702-362

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200702-362

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-001595

PATCH
title:Top Pageurl:http://personalfirewall.comodo.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-001595

EXTERNAL IDS
db:NVDid:CVE-2007-1051
Trust: 2.8
db:SREASONid:2279
Trust: 2.0
db:OSVDBid:45243
Trust: 1.7
db:XFid:32530
Trust: 0.9
db:JVNDBid:JVNDB-2007-001595
Trust: 0.8
db:CNNVDid:CNNVD-200702-362
Trust: 0.7
db:XFid:32
Trust: 0.6
db:FULLDISCid:20070215 COMODO DLL INJECTION VIA WEAK HASH FUNCTION EXPLOITATION VULNERABILITY
Trust: 0.6
db:BUGTRAQid:20070215 COMODO DLL INJECTION VIA WEAK HASH FUNCTION EXPLOITATION VULNERABILITY
Trust: 0.6
db:BIDid:86612
Trust: 0.4
db:VULHUBid:VHN-24413
Trust: 0.1
sources:
            
            
            VULHUB: VHN-24413 // 
            
            
            
            BID: 86612 // 
            
            
            
            JVNDB: JVNDB-2007-001595 // 
            
            
            
            CNNVD: CNNVD-200702-362 // 
            
            
            
            NVD: CVE-2007-1051

REFERENCES
url:http://lists.grok.org.uk/pipermail/full-disclosure/2007-february/052461.html
Trust: 2.0
url:http://www.matousec.com/info/advisories/comodo-dll-injection-via-weak-hash-function-exploitation.php
Trust: 2.0
url:http://securityreason.com/securityalert/2279
Trust: 2.0
url:http://osvdb.org/45243
Trust: 1.7
url:http://www.securityfocus.com/archive/1/460209/100/100/threaded
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/32530
Trust: 1.1
url:http://xforce.iss.net/xforce/xfdb/32530
Trust: 0.9
url:http://www.securityfocus.com/archive/1/archive/1/460209/100/100/threaded
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1051
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1051
Trust: 0.8
sources:
            
            
            VULHUB: VHN-24413 // 
            
            
            
            BID: 86612 // 
            
            
            
            JVNDB: JVNDB-2007-001595 // 
            
            
            
            CNNVD: CNNVD-200702-362 // 
            
            
            
            NVD: CVE-2007-1051

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 86612

SOURCES
db:VULHUBid:VHN-24413
db:BIDid:86612
db:JVNDBid:JVNDB-2007-001595
db:CNNVDid:CNNVD-200702-362
db:NVDid:CVE-2007-1051

LAST UPDATE DATE
2025-04-10T20:22:35.381000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-24413date:2018-10-16T00:00:00
db:BIDid:86612date:2007-02-21T00:00:00
db:JVNDBid:JVNDB-2007-001595date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200702-362date:2007-02-22T00:00:00
db:NVDid:CVE-2007-1051date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-24413date:2007-02-21T00:00:00
db:BIDid:86612date:2007-02-21T00:00:00
db:JVNDBid:JVNDB-2007-001595date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200702-362date:2007-02-21T00:00:00
db:NVDid:CVE-2007-1051date:2007-02-21T23:28:00