ID

VAR-200709-0264


CVE

CVE-2007-4967


TITLE

Denial-of-service (DoS) vulnerabilities in Online Armor Personal Firewall

Trust: 0.8

sources: JVNDB: JVNDB-2007-004411

DESCRIPTION

Online Armor Personal Firewall 2.0.1.215 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtAllocateVirtualMemory, (2) NtConnectPort, (3) NtCreateFile, (4) NtCreateKey, (5) NtCreatePort, (6) NtDeleteFile, (7) NtDeleteValueKey, (8) NtLoadKey, (9) NtOpenFile, (10) NtOpenProcess, (11) NtOpenThread, (12) NtResumeThread, (13) NtSetContextThread, (14) NtSetValueKey, (15) NtSuspendProcess, (16) NtSuspendThread, and (17) NtTerminateThread. Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

Trust: 2.52

sources: NVD: CVE-2007-4967 // JVNDB: JVNDB-2007-004411 // CNNVD: CNNVD-200709-228 // BID: 25711 // VULHUB: VHN-28329

AFFECTED PRODUCTS

vendor: online armor, model: personal firewall, scope: eq, version: 2.0.1.215

Trust: 2.4

vendor: online, model: armor personal firewall, scope: eq, version: 2.0.1.215

Trust: 0.3

sources: BID: 25711 // JVNDB: JVNDB-2007-004411 // CNNVD: CNNVD-200709-228 // NVD: CVE-2007-4967

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-4967
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-4967
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200709-228
value: MEDIUM

Trust: 0.6

VULHUB: VHN-28329
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-4967
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-28329
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-28329 // JVNDB: JVNDB-2007-004411 // CNNVD: CNNVD-200709-228 // NVD: CVE-2007-4967

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-28329 // JVNDB: JVNDB-2007-004411 // NVD: CVE-2007-4967

THREAT TYPE

local

Trust: 0.9

sources: BID: 25711 // CNNVD: CNNVD-200709-228

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200709-228

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-004411

PATCH

title: Top Page, url: http://www.online-armor.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-004411

EXTERNAL IDS

db: NVD, id: CVE-2007-4967

Trust: 2.8

db: BID, id: 25711

Trust: 2.0

db: OSVDB, id: 45951

Trust: 1.7

db: JVNDB, id: JVNDB-2007-004411

Trust: 0.8

db: BUGTRAQ, id: 20070918 PLAGUE IN (SECURITY) SOFTWARE DRIVERS & BSDOHOOK UTILITY

Trust: 0.6

db: CNNVD, id: CNNVD-200709-228

Trust: 0.6

db: VULHUB, id: VHN-28329

Trust: 0.1

sources: VULHUB: VHN-28329 // BID: 25711 // JVNDB: JVNDB-2007-004411 // CNNVD: CNNVD-200709-228 // NVD: CVE-2007-4967

REFERENCES

url:http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php

Trust: 2.0

url:http://www.securityfocus.com/bid/25711

Trust: 1.7

url:http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php

Trust: 1.7

url:http://osvdb.org/45951

Trust: 1.7

url:http://www.securityfocus.com/archive/1/479830/100/0/threaded

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4967

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4967

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/479830/100/0/threaded

Trust: 0.6

url:http://www.tallemu.com/

Trust: 0.3

url:/archive/1/479830

Trust: 0.3

sources: VULHUB: VHN-28329 // BID: 25711 // JVNDB: JVNDB-2007-004411 // CNNVD: CNNVD-200709-228 // NVD: CVE-2007-4967

CREDITS

Matousec Transparent Security Research discovered these vulnerabilities.

Trust: 0.3

sources: BID: 25711

SOURCES

db: VULHUB, id: VHN-28329
db: BID, id: 25711
db: JVNDB, id: JVNDB-2007-004411
db: CNNVD, id: CNNVD-200709-228
db: NVD, id: CVE-2007-4967

LAST UPDATE DATE

2025-04-10T23:01:05.428000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-28329, date: 2018-10-15T00:00:00
db: BID, id: 25711, date: 2015-05-07T17:35:00
db: JVNDB, id: JVNDB-2007-004411, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-200709-228, date: 2007-09-26T00:00:00
db: NVD, id: CVE-2007-4967, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-28329, date: 2007-09-19T00:00:00
db: BID, id: 25711, date: 2007-09-18T00:00:00
db: JVNDB, id: JVNDB-2007-004411, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-200709-228, date: 2007-09-18T00:00:00
db: NVD, id: CVE-2007-4967, date: 2007-09-19T01:17:00