Sign-up

ID

VAR-201208-0040


CVE

CVE-2010-5164


TITLE

Windows XP Run on KingSoft Personal Firewall 9 Kernel mode hook handler bypass vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-005750

DESCRIPTION

Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. ** Unsettled ** This case has not been confirmed as a vulnerability. This vulnerability is also known as argument-switch Attack, or KHOBE It is called an attack

Trust: 1.71

sources: NVD: CVE-2010-5164 // JVNDB: JVNDB-2010-005750 // VULHUB: VHN-47769

AFFECTED PRODUCTS

vendor:kingsoftmodel:personal firewall 9scope:eqversion:2009.05.07.70

Trust: 1.0

vendor:kingsoftmodel:personal firewall 9scope:eqversion:plus 2009.05.07.70

Trust: 0.8

sources: JVNDB: JVNDB-2010-005750 // NVD: CVE-2010-5164

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-5164
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2010-5164
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-5164
value: MEDIUM

Trust: 0.8

VULHUB: VHN-47769
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-5164
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-47769
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2010-5164
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 3.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-47769 // JVNDB: JVNDB-2010-005750 // NVD: CVE-2010-5164 // NVD: CVE-2010-5164

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

problemtype:CWE-94

Trust: 1.0

sources: VULHUB: VHN-47769 // JVNDB: JVNDB-2010-005750 // NVD: CVE-2010-5164

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-201208-745

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-005750

PATCH
title:トップページurl:https://www.kingsoft.jp/
Trust: 0.8
title:DefenseWall Personal Firewall Repair measures for the competition condition problem loopholeurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172053
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2010-005750 // 
            
            
            
            CNNVD: CNNVD-201208-745

EXTERNAL IDS
db:BIDid:39924
Trust: 2.5
db:NVDid:CVE-2010-5164
Trust: 2.5
db:OSVDBid:67660
Trust: 1.1
db:JVNDBid:JVNDB-2010-005750
Trust: 0.8
db:CNNVDid:CNNVD-201208-745
Trust: 0.6
db:VULHUBid:VHN-47769
Trust: 0.1
sources:
            
            
            VULHUB: VHN-47769 // 
            
            
            
            JVNDB: JVNDB-2010-005750 // 
            
            
            
            CNNVD: CNNVD-201208-745 // 
            
            
            
            NVD: CVE-2010-5164

REFERENCES
url:http://www.securityfocus.com/bid/39924
Trust: 2.5
url:http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/
Trust: 2.5
url:http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html
Trust: 1.7
url:http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html
Trust: 1.7
url:http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/
Trust: 1.7
url:http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php
Trust: 1.7
url:http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php
Trust: 1.7
url:http://www.f-secure.com/weblog/archives/00001949.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2010-5164
Trust: 1.4
url:http://www.osvdb.org/67660
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5164
Trust: 0.8
sources:
            
            
            VULHUB: VHN-47769 // 
            
            
            
            JVNDB: JVNDB-2010-005750 // 
            
            
            
            CNNVD: CNNVD-201208-745 // 
            
            
            
            NVD: CVE-2010-5164

SOURCES
db:VULHUBid:VHN-47769
db:JVNDBid:JVNDB-2010-005750
db:CNNVDid:CNNVD-201208-745
db:NVDid:CVE-2010-5164

LAST UPDATE DATE
2025-04-11T22:49:28.809000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-47769date:2012-08-27T00:00:00
db:JVNDBid:JVNDB-2010-005750date:2019-07-29T00:00:00
db:CNNVDid:CNNVD-201208-745date:2021-11-30T00:00:00
db:NVDid:CVE-2010-5164date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-47769date:2012-08-25T00:00:00
db:JVNDBid:JVNDB-2010-005750date:2019-07-29T00:00:00
db:CNNVDid:CNNVD-201208-745date:2012-08-25T00:00:00
db:NVDid:CVE-2010-5164date:2012-08-25T21:55:03.007