Some vulnerabilities have been reported in multiple CA products, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to potentially gain escalated privileges, and by malicious people to cause a DoS.
1) An error exists within the processing of IOCTL requests in the kmxfw.sys kernel driver. This can be exploited to cause a system crash or to potentially execute arbitrary code with SYSTEM privileges.
2) An unspecified error in the kmxfw.sys driver can be exploited to cause a DoS.
The vulnerabilities are reported in the following products:
* CA Host-Based Intrusion Prevention System r8
* CA Internet Security Suite 2007
* CA Internet Security Suite 2008
* CA Personal Firewall 2007
* CA Personal Firewall 2008
Solution: CA Host-Based Intrusion Prevention System r8:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com
Subject: CA Products kmxfw.sys Privilege Escalation and Denial of Service
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.