Details of VAR-201208-0051

ID

VAR-201208-0051

CVE

CVE-2010-5175

TITLE

Windows XP Run on PrivateFirewall Kernel mode hook handler bypass vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-005728

DESCRIPTION

Race condition in PrivateFirewall 7.0.20.37 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. ** Unsettled ** This case has not been confirmed as a vulnerability. This vulnerability is also known as argument-switch Attack, or KHOBE It is called an attack

Trust: 1.71

sources: NVD: CVE-2010-5175 // JVNDB: JVNDB-2010-005728 // VULHUB: VHN-47780

AFFECTED PRODUCTS

vendor:	pwicorp	model:	privatefirewall	scope:	eq	version:	7.0.20.37	Trust: 1.0
vendor:	pwi	model:	privatefirewall	scope:	eq	version:	7.0.20.37	Trust: 0.8

sources: JVNDB: JVNDB-2010-005728 // NVD: CVE-2010-5175

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-5175
value:	MEDIUM
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2010-5175
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-5175
value:	MEDIUM
Trust: 0.8
VULHUB:	VHN-47780
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-5175
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-47780
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2010-5175
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.3
impactScore:	3.4
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-47780 // JVNDB: JVNDB-2010-005728 // NVD: CVE-2010-5175 // NVD: CVE-2010-5175

PROBLEMTYPE DATA

problemtype:

CWE-362

Trust: 1.9

sources: VULHUB: VHN-47780 // JVNDB: JVNDB-2010-005728 // NVD: CVE-2010-5175

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-201208-732

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-005728

PATCH

title:

Top Page

url:

https://www.privacyware.com/

Trust: 0.8

sources: JVNDB: JVNDB-2010-005728

EXTERNAL IDS

db:	BID	id:	39924	Trust: 2.5
db:	NVD	id:	CVE-2010-5175	Trust: 2.5
db:	OSVDB	id:	67660	Trust: 1.1
db:	JVNDB	id:	JVNDB-2010-005728	Trust: 0.8
db:	CNNVD	id:	CNNVD-201208-732	Trust: 0.6
db:	VULHUB	id:	VHN-47780	Trust: 0.1

sources: VULHUB: VHN-47780 // JVNDB: JVNDB-2010-005728 // CNNVD: CNNVD-201208-732 // NVD: CVE-2010-5175

REFERENCES

url:	http://www.securityfocus.com/bid/39924	Trust: 2.5
url:	http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/	Trust: 2.5
url:	http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html	Trust: 1.7
url:	http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html	Trust: 1.7
url:	http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/	Trust: 1.7
url:	http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php	Trust: 1.7
url:	http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php	Trust: 1.7
url:	http://www.f-secure.com/weblog/archives/00001949.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2010-5175	Trust: 1.4
url:	http://www.osvdb.org/67660	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5175	Trust: 0.8

sources: VULHUB: VHN-47780 // JVNDB: JVNDB-2010-005728 // CNNVD: CNNVD-201208-732 // NVD: CVE-2010-5175

SOURCES

db:	VULHUB	id:	VHN-47780
db:	JVNDB	id:	JVNDB-2010-005728
db:	CNNVD	id:	CNNVD-201208-732
db:	NVD	id:	CVE-2010-5175

LAST UPDATE DATE

2025-04-11T22:49:29.385000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-47780	date:	2012-08-27T00:00:00
db:	JVNDB	id:	JVNDB-2010-005728	date:	2019-07-29T00:00:00
db:	CNNVD	id:	CNNVD-201208-732	date:	2021-11-30T00:00:00
db:	NVD	id:	CVE-2010-5175	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-47780	date:	2012-08-25T00:00:00
db:	JVNDB	id:	JVNDB-2010-005728	date:	2019-07-29T00:00:00
db:	CNNVD	id:	CNNVD-201208-732	date:	2012-08-25T00:00:00
db:	NVD	id:	CVE-2010-5175	date:	2012-08-25T21:55:03.540