Details of VAR-200705-0115

ID

VAR-200705-0115

CVE

CVE-2007-2965

TITLE

plural F-Secure Product Real-time Scanning Vulnerability gained privileges in components

Trust: 0.8

sources: JVNDB: JVNDB-2007-002111

DESCRIPTION

Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space.". Internet Gatekeeper is prone to a local security vulnerability. Local users can gain privileges with the help of a specially crafted I/O request packet (IRP)

Trust: 1.98

sources: NVD: CVE-2007-2965 // JVNDB: JVNDB-2007-002111 // BID: 86107 // VULHUB: VHN-26327

AFFECTED PRODUCTS

vendor:	f secure	model:	f-secure internet security	scope:	eq	version:	2006	Trust: 2.7
vendor:	f secure	model:	f-secure internet security	scope:	eq	version:	2005	Trust: 2.7
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	2006	Trust: 2.7
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	2005	Trust: 2.7
vendor:	f secure	model:	f-secure internet security	scope:	eq	version:	2007	Trust: 1.9
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	2007	Trust: 1.9
vendor:	f secure	model:	f-secure anti-virus	scope:	lte	version:	5.42	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	lte	version:	5.61	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	lte	version:	4.65	Trust: 1.0
vendor:	f secure	model:	internet gatekeeper	scope:	lte	version:	6.60	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	lte	version:	5.44	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	lte	version:	6.40	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus linux client security	scope:	lte	version:	5.30	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus client security	scope:	lte	version:	6.03	Trust: 1.0
vendor:	f secure	model:	internet gatekeeper	scope:	lte	version:	2.16	Trust: 1.0
vendor:	f secure	model:	f-secure protection service	scope:	lte	version:	6.40	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus linux server security	scope:	lte	version:	5.30	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	lte	version:	5.52	Trust: 1.0
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	and 2007	Trust: 0.8
vendor:	f secure	model:	f-secure internet security	scope:	eq	version:	and 2007	Trust: 0.8
vendor:	f secure	model:	f-secure protection service	scope:	lte	version:	consumers 6.40	Trust: 0.8
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	4.65	Trust: 0.6
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.42	Trust: 0.6
vendor:	f secure	model:	f-secure anti-virus	scope:	eq	version:	5.44	Trust: 0.6
vendor:	f secure	model:	internet gatekeeper	scope:	eq	version:	6.60	Trust: 0.3
vendor:	f secure	model:	internet gatekeeper linux	scope:	eq	version:	2.16	Trust: 0.3
vendor:	f secure	model:	f-secure protection service consumers	scope:	eq	version:	6.40	Trust: 0.3
vendor:	f secure	model:	f-secure anti-virus linux server security	scope:	eq	version:	5.30	Trust: 0.3
vendor:	f secure	model:	f-secure anti-virus linux client security	scope:	eq	version:	5.30	Trust: 0.3
vendor:	f secure	model:	f-secure anti-virus client security	scope:	eq	version:	6.03	Trust: 0.3
vendor:	f secure	model:	f-secure anti-virus ms exchange	scope:	eq	version:	6.40	Trust: 0.3
vendor:	f secure	model:	f-secure anti-virus mimesweeper	scope:	eq	version:	5.61	Trust: 0.3
vendor:	f secure	model:	f-secure anti-virus citrix servers	scope:	eq	version:	5.52	Trust: 0.3
vendor:	f secure	model:	f-secure anti-virus workstations	scope:	eq	version:	5.44	Trust: 0.3
vendor:	f secure	model:	f-secure anti-virus windows servers	scope:	eq	version:	5.42	Trust: 0.3
vendor:	f secure	model:	f-secure anti-virus linux servers	scope:	eq	version:	4.65	Trust: 0.3
vendor:	f secure	model:	f-secure anti-virus linux gateways	scope:	eq	version:	4.65	Trust: 0.3

sources: BID: 86107 // JVNDB: JVNDB-2007-002111 // CNNVD: CNNVD-200705-586 // NVD: CVE-2007-2965

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-2965
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-2965
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200705-586
value:	HIGH
Trust: 0.6
VULHUB:	VHN-26327
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-2965
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-26327
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-26327 // JVNDB: JVNDB-2007-002111 // CNNVD: CNNVD-200705-586 // NVD: CVE-2007-2965

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2965

THREAT TYPE

local

Trust: 0.9

sources: BID: 86107 // CNNVD: CNNVD-200705-586

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200705-586

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002111

PATCH

title:

Security advisories

url:

http://www.f-secure.com/en/web/labs_global/security-advisories

Trust: 0.8

sources: JVNDB: JVNDB-2007-002111

EXTERNAL IDS

db:	NVD	id:	CVE-2007-2965	Trust: 2.8
db:	SECTRACK	id:	1018148	Trust: 2.0
db:	SECTRACK	id:	1018146	Trust: 2.0
db:	SECUNIA	id:	25439	Trust: 1.7
db:	VUPEN	id:	ADV-2007-1985	Trust: 1.7
db:	OSVDB	id:	36727	Trust: 1.1
db:	XF	id:	34579	Trust: 0.9
db:	JVNDB	id:	JVNDB-2007-002111	Trust: 0.8
db:	CNNVD	id:	CNNVD-200705-586	Trust: 0.7
db:	BID	id:	86107	Trust: 0.4
db:	VULHUB	id:	VHN-26327	Trust: 0.1

sources: VULHUB: VHN-26327 // BID: 86107 // JVNDB: JVNDB-2007-002111 // CNNVD: CNNVD-200705-586 // NVD: CVE-2007-2965

REFERENCES

url:	http://www.f-secure.com/security/fsc-2007-2.shtml	Trust: 2.0
url:	http://www.securitytracker.com/id?1018146	Trust: 2.0
url:	http://www.securitytracker.com/id?1018148	Trust: 2.0
url:	http://secunia.com/advisories/25439	Trust: 1.7
url:	http://osvdb.org/36727	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/1985	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/34579	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/34579	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2965	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2965	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2007/1985	Trust: 0.6

sources: VULHUB: VHN-26327 // BID: 86107 // JVNDB: JVNDB-2007-002111 // CNNVD: CNNVD-200705-586 // NVD: CVE-2007-2965

CREDITS

Unknown

Trust: 0.3

sources: BID: 86107

SOURCES

db:	VULHUB	id:	VHN-26327
db:	BID	id:	86107
db:	JVNDB	id:	JVNDB-2007-002111
db:	CNNVD	id:	CNNVD-200705-586
db:	NVD	id:	CVE-2007-2965

LAST UPDATE DATE

2024-11-23T22:43:23.407000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-26327	date:	2017-07-29T00:00:00
db:	BID	id:	86107	date:	2007-05-31T00:00:00
db:	JVNDB	id:	JVNDB-2007-002111	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200705-586	date:	2007-06-01T00:00:00
db:	NVD	id:	CVE-2007-2965	date:	2024-11-21T00:32:04.720

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-26327	date:	2007-05-31T00:00:00
db:	BID	id:	86107	date:	2007-05-31T00:00:00
db:	JVNDB	id:	JVNDB-2007-002111	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200705-586	date:	2007-05-31T00:00:00
db:	NVD	id:	CVE-2007-2965	date:	2007-05-31T23:30:00