Sign-up

ID

VAR-200705-0348


CVE

CVE-2007-2729


TITLE

Comodo Firewall Pro In Microsoft Windows API Function call vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-002035

DESCRIPTION

Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. Comodo Firewall Pro is prone to a local security vulnerability. These malformed identifiers are one, two, or three larger than the standard identifiers

Trust: 1.98

sources: NVD: CVE-2007-2729 // JVNDB: JVNDB-2007-002035 // BID: 86152 // VULHUB: VHN-26091

AFFECTED PRODUCTS

vendor:comodomodel:personal firewallscope:eqversion:2.3.6.81

Trust: 2.7

vendor:comodomodel:firewall proscope:eqversion:2.4.18.184

Trust: 1.9

vendor:comodomodel:firewall proscope:eqversion:2.4.18.184 and older

Trust: 0.8

sources: BID: 86152 // JVNDB: JVNDB-2007-002035 // CNNVD: CNNVD-200705-325 // NVD: CVE-2007-2729

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-2729
value: HIGH

Trust: 1.0

NVD: CVE-2007-2729
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200705-325
value: HIGH

Trust: 0.6

VULHUB: VHN-26091
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-2729
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-26091
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26091 // JVNDB: JVNDB-2007-002035 // CNNVD: CNNVD-200705-325 // NVD: CVE-2007-2729

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2729

THREAT TYPE

local

Trust: 0.9

sources: BID: 86152 // CNNVD: CNNVD-200705-325

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200705-325

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-002035

PATCH
title:Top Pageurl:http://personalfirewall.comodo.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-002035

EXTERNAL IDS
db:NVDid:CVE-2007-2729
Trust: 2.8
db:SREASONid:2714
Trust: 2.0
db:OSVDBid:37375
Trust: 1.7
db:JVNDBid:JVNDB-2007-002035
Trust: 0.8
db:BUGTRAQid:20070515 BYPASSING PFW/HIPS OPEN PROCESS CONTROL WITH UNCOMMON IDENTIFIER
Trust: 0.6
db:CNNVDid:CNNVD-200705-325
Trust: 0.6
db:BIDid:86152
Trust: 0.4
db:VULHUBid:VHN-26091
Trust: 0.1
sources:
            
            
            VULHUB: VHN-26091 // 
            
            
            
            BID: 86152 // 
            
            
            
            JVNDB: JVNDB-2007-002035 // 
            
            
            
            CNNVD: CNNVD-200705-325 // 
            
            
            
            NVD: CVE-2007-2729

REFERENCES
url:http://www.matousec.com/info/advisories/bypassing-pwf-hips-open-process-control-with-uncommon-identifier.php
Trust: 2.0
url:http://securityreason.com/securityalert/2714
Trust: 2.0
url:http://osvdb.org/37375
Trust: 1.7
url:http://www.securityfocus.com/archive/1/468643/100/0/threaded
Trust: 1.1
url:http://www.securityfocus.com/archive/1/archive/1/468643/100/0/threaded
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2729
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2729
Trust: 0.8
sources:
            
            
            VULHUB: VHN-26091 // 
            
            
            
            BID: 86152 // 
            
            
            
            JVNDB: JVNDB-2007-002035 // 
            
            
            
            CNNVD: CNNVD-200705-325 // 
            
            
            
            NVD: CVE-2007-2729

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 86152

SOURCES
db:VULHUBid:VHN-26091
db:BIDid:86152
db:JVNDBid:JVNDB-2007-002035
db:CNNVDid:CNNVD-200705-325
db:NVDid:CVE-2007-2729

LAST UPDATE DATE
2024-11-23T22:03:54.247000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-26091date:2018-10-16T00:00:00
db:BIDid:86152date:2007-05-16T00:00:00
db:JVNDBid:JVNDB-2007-002035date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200705-325date:2007-05-21T00:00:00
db:NVDid:CVE-2007-2729date:2024-11-21T00:31:30.833

SOURCES RELEASE DATE
db:VULHUBid:VHN-26091date:2007-05-16T00:00:00
db:BIDid:86152date:2007-05-16T00:00:00
db:JVNDBid:JVNDB-2007-002035date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200705-325date:2007-05-16T00:00:00
db:NVDid:CVE-2007-2729date:2007-05-16T22:30:00