ID

VAR-201208-0026


CVE

CVE-2010-5150


TITLE

3D EQSecure on Windows XP kernel-mode hook handler bypass vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-005731

DESCRIPTION

** DISPUTED ** Race condition in 3D EQSecure Professional Edition 4.2 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. ** Unsettled ** This case has not been confirmed as a vulnerability. This vulnerability is also known as an argument-switch attack or a KHOBE attack. Multiple vendors' security software is prone to security bypass vulnerabilities. These issues may allow attackers to bypass certain security restrictions and perform malicious actions.

Trust: 1.89

sources: NVD: CVE-2010-5150 // JVNDB: JVNDB-2010-005731 // BID: 39924

AFFECTED PRODUCTS

vendor: 3dprotect // model: 3d eqsecure // scope: eq // version: 4.2

Trust: 1.0

vendor: 3dprotect // model: 3d eqsecure // scope: eq // version: professional edition 4.2

Trust: 0.8

vendor: zone // model: labs zonealarm extreme security // scope: eq // version: 9.1.507.000

Trust: 0.3

vendor: webroot // model: internet security essentials // scope: eq // version: 6.1.0.145

Trust: 0.3

vendor: virusbuster // model: internet security suite // scope: eq // version: 3.2

Trust: 0.3

vendor: virusblokada // model: vba32 personal // scope: eq // version: 3.12.12.4

Trust: 0.3

vendor: trend micro // model: internet security pro // scope: eq // version: 2010

Trust: 0.3

vendor: symantec // model: norton internet security // scope: eq // version: 20100

Trust: 0.3

vendor: sophos // model: endpoint security and control // scope: eq // version: 9.0.5

Trust: 0.3

vendor: softsphere // model: defensewall personal firewall // scope: eq // version: 3.00

Trust: 0.3

vendor: pcsecurityshield // model: security shield // scope: eq // version: 201013.0.16.313

Trust: 0.3

vendor: pc // model: tools firewall plus // scope: eq // version: 6.0.0.88

Trust: 0.3

vendor: panda // model: internet security // scope: eq // version: 2010

Trust: 0.3

vendor: outpost // model: security suite pro be // scope: eq // version: 7.0.3330.505.1221

Trust: 0.3

vendor: outpost // model: security suite pro // scope: eq // version: 6.7.3.3063.452.0726

Trust: 0.3

vendor: online // model: solutions security suite // scope: eq // version: 1.5.14905.0

Trust: 0.3

vendor: online // model: armor online armor premium // scope: eq // version: 4.0.0.35

Trust: 0.3

vendor: norman // model: security suite pro // scope: eq // version: 8.0

Trust: 0.3

vendor: mcafee // model: total protection // scope: eq // version: 2010

Trust: 0.3

vendor: kaspersky // model: internet security // scope: eq // version: 20109.0.0.736

Trust: 0.3

vendor: g // model: data totalcare // scope: eq // version: 20100

Trust: 0.3

vendor: f secure // model: internet security // scope: eq // version: 2010

Trust: 0.3

vendor: eset // model: smart security // scope: eq // version: 40

Trust: 0.3

vendor: eeye // model: blink professional // scope: eq // version: 4.6.1

Trust: 0.3

vendor: dr web // model: security space pro // scope: eq // version: 6.0.0.03100

Trust: 0.3

vendor: computer // model: associates internet security suite plus // scope: eq // version: 20100

Trust: 0.3

vendor: comodo // model: internet security free // scope: eq // version: 4.0.138377.779

Trust: 0.3

vendor: bitdefender // model: total security // scope: eq // version: 20100

Trust: 0.3

vendor: avira // model: premium security suite // scope: eq // version: 0

Trust: 0.3

vendor: avg // model: avg // scope: eq // version: 9.0.791

Trust: 0.3

vendor: avast // model: internet security // scope: eq // version: 5.0.462

Trust: 0.3

vendor: 3dprotect // model: 3d eqsecure professional edition // scope: eq // version: 4.2

Trust: 0.3

vendor: comodo // model: internet security // scope: ne // version: 4.1.149672.916

Trust: 0.3

sources: BID: 39924 // JVNDB: JVNDB-2010-005731 // NVD: CVE-2010-5150

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2010-5150
value: MEDIUM

Trust: 1.8

NVD: CVE-2010-5150
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2010-005731 // NVD: CVE-2010-5150

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.8

sources: JVNDB: JVNDB-2010-005731 // NVD: CVE-2010-5150

THREAT TYPE

local

Trust: 0.3

sources: BID: 39924

TYPE

race condition problem

Trust: 0.6

sources: CNNVD: CNNVD-201208-751

CONFIGURATIONS

sources: NVD: CVE-2010-5150

EXTERNAL IDS

db: NVD // id: CVE-2010-5150

Trust: 2.7

db: BID // id: 39924

Trust: 2.7

db: OSVDB // id: 67660

Trust: 1.0

db: JVNDB // id: JVNDB-2010-005731

Trust: 0.8

db: CNNVD // id: CNNVD-201208-751

Trust: 0.6

sources: BID: 39924 // JVNDB: JVNDB-2010-005731 // CNNVD: CNNVD-201208-751 // NVD: CVE-2010-5150

REFERENCES

url:https://www.securityfocus.com/bid/39924

Trust: 2.4

url:https://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/

Trust: 2.4

url:http://www.f-secure.com/weblog/archives/00001949.html

Trust: 1.6

url:http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

Trust: 1.6

url:http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php

Trust: 1.6

url:http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/

Trust: 1.6

url:http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html

Trust: 1.6

url:http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2010-5150

Trust: 1.4

url:http://www.osvdb.org/67660

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5150

Trust: 0.8

url:http://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-41149672916-released-t57051.0.html

Trust: 0.3

url:http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

Trust: 0.3

url:http://www.matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php

Trust: 0.3

sources: BID: 39924 // JVNDB: JVNDB-2010-005731 // CNNVD: CNNVD-201208-751 // NVD: CVE-2010-5150

CREDITS

matousec.com

Trust: 0.3

sources: BID: 39924

SOURCES

db: BID // id: 39924
db: JVNDB // id: JVNDB-2010-005731
db: CNNVD // id: CNNVD-201208-751
db: NVD // id: CVE-2010-5150

LAST UPDATE DATE

2022-05-04T08:45:24.696000+00:00


SOURCES UPDATE DATE

db: BID // id: 39924 // date: 2015-04-13T21:02:00
db: JVNDB // id: JVNDB-2010-005731 // date: 2019-07-29T00:00:00
db: CNNVD // id: CNNVD-201208-751 // date: 2021-11-30T00:00:00
db: NVD // id: CVE-2010-5150 // date: 2012-08-27T04:00:00

SOURCES RELEASE DATE

db: BID // id: 39924 // date: 2010-05-05T00:00:00
db: JVNDB // id: JVNDB-2010-005731 // date: 2019-07-29T00:00:00
db: CNNVD // id: CNNVD-201208-751 // date: 2012-08-25T00:00:00
db: NVD // id: CVE-2010-5150 // date: 2012-08-25T21:55:00