|
|
CVE Reference: CVE-2008-1736 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-1736 |
|
|
Description: Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table (SSDT) functions, which allows local users to cause a denial of service (system crash) via (1) a crafted OBJECT_ATTRIBUTES structure in a call to the NtDeleteFile function, which leads to improper validation of a ZwQueryObject result; and unspecified calls to the (2) NtCreateFile and (3) NtSetThreadContext functions, different vectors than CVE-2007-0709. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/42082 ST 1019944 SREASON http://securityreason.com/securityalert/3838 SAID Secunia Advisory: SA30006 MISC http://www.personalfirewall.comodo.com/release_notes.html http://www.coresecurity.com/?action=item&id=2249 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/491405/100/0/threaded BID 28742 |
|
| Return to the previous page. |
