Details of VAR-201208-0033

ID

VAR-201208-0033

CVE

CVE-2010-5157

TITLE

Windows XP Run on Comodo Internet Security Kernel mode hook handler bypass vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-004295

DESCRIPTION

Race condition in Comodo Internet Security before 4.1.149672.916 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. Multiple vendors' security software is prone to security bypass vulnerabilities. These issues may allow attackers to bypass certain security restrictions and perform malicious actions

Trust: 1.89

sources: NVD: CVE-2010-5157 // JVNDB: JVNDB-2010-004295 // BID: 39924

AFFECTED PRODUCTS

vendor:	comodo	model:	internet security	scope:	lte	version:	4.0.141842.828	Trust: 1.0
vendor:	comodo	model:	internet security	scope:	lt	version:	4.1.149672.916	Trust: 0.8
vendor:	comodo	model:	internet security	scope:	eq	version:	4.0.141842.828	Trust: 0.6
vendor:	zone	model:	labs zonealarm extreme security	scope:	eq	version:	9.1.507.000	Trust: 0.3
vendor:	webroot	model:	internet security essentials	scope:	eq	version:	6.1.0.145	Trust: 0.3
vendor:	virusbuster	model:	internet security suite	scope:	eq	version:	3.2	Trust: 0.3
vendor:	virusblokada	model:	vba32 personal	scope:	eq	version:	3.12.12.4	Trust: 0.3
vendor:	trend micro	model:	internet security pro	scope:	eq	version:	2010	Trust: 0.3
vendor:	symantec	model:	norton internet security	scope:	eq	version:	20100	Trust: 0.3
vendor:	sophos	model:	endpoint security and control	scope:	eq	version:	9.0.5	Trust: 0.3
vendor:	softsphere	model:	defensewall personal firewall	scope:	eq	version:	3.00	Trust: 0.3
vendor:	pcsecurityshield	model:	security shield	scope:	eq	version:	201013.0.16.313	Trust: 0.3
vendor:	pc	model:	tools firewall plus	scope:	eq	version:	6.0.0.88	Trust: 0.3
vendor:	panda	model:	internet security	scope:	eq	version:	2010	Trust: 0.3
vendor:	outpost	model:	security suite pro be	scope:	eq	version:	7.0.3330.505.1221	Trust: 0.3
vendor:	outpost	model:	security suite pro	scope:	eq	version:	6.7.3.3063.452.0726	Trust: 0.3
vendor:	online	model:	solutions security suite	scope:	eq	version:	1.5.14905.0	Trust: 0.3
vendor:	online	model:	armor online armor premium	scope:	eq	version:	4.0.0.35	Trust: 0.3
vendor:	norman	model:	security suite pro	scope:	eq	version:	8.0	Trust: 0.3
vendor:	mcafee	model:	total protection	scope:	eq	version:	2010	Trust: 0.3
vendor:	kaspersky	model:	internet security	scope:	eq	version:	20109.0.0.736	Trust: 0.3
vendor:	g	model:	data totalcare	scope:	eq	version:	20100	Trust: 0.3
vendor:	f secure	model:	internet security	scope:	eq	version:	2010	Trust: 0.3
vendor:	eset	model:	smart security	scope:	eq	version:	40	Trust: 0.3
vendor:	eeye	model:	blink professional	scope:	eq	version:	4.6.1	Trust: 0.3
vendor:	dr web	model:	security space pro	scope:	eq	version:	6.0.0.03100	Trust: 0.3
vendor:	computer	model:	associates internet security suite plus	scope:	eq	version:	20100	Trust: 0.3
vendor:	comodo	model:	internet security free	scope:	eq	version:	4.0.138377.779	Trust: 0.3
vendor:	bitdefender	model:	total security	scope:	eq	version:	20100	Trust: 0.3
vendor:	avira	model:	premium security suite	scope:	eq	version:	0	Trust: 0.3
vendor:	avg	model:	avg	scope:	eq	version:	9.0.791	Trust: 0.3
vendor:	avast	model:	internet security	scope:	eq	version:	5.0.462	Trust: 0.3
vendor:	3dprotect	model:	3d eqsecure professional edition	scope:	eq	version:	4.2	Trust: 0.3
vendor:	comodo	model:	internet security	scope:	ne	version:	4.1.149672.916	Trust: 0.3

sources: BID: 39924 // JVNDB: JVNDB-2010-004295 // CNNVD: CNNVD-201208-485 // NVD: CVE-2010-5157

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2010-5157
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-201208-485
value:	MEDIUM
Trust: 0.6

NVD:	CVE-2010-5157
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2010-004295 // CNNVD: CNNVD-201208-485 // NVD: CVE-2010-5157

PROBLEMTYPE DATA

problemtype:

CWE-362

Trust: 1.8

sources: JVNDB: JVNDB-2010-004295 // NVD: CVE-2010-5157

THREAT TYPE

local

Trust: 0.9

sources: BID: 39924 // CNNVD: CNNVD-201208-485

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-201208-485

CONFIGURATIONS

sources: NVD: CVE-2010-5157

PATCH

title:

COMODO Internet Security 4.1.149672.916 Released!

url:

http://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-41149672916-released-t57051.0.html

Trust: 0.8

sources: JVNDB: JVNDB-2010-004295

EXTERNAL IDS

db:	NVD	id:	CVE-2010-5157	Trust: 2.7
db:	BID	id:	39924	Trust: 1.9
db:	OSVDB	id:	65254	Trust: 1.6
db:	OSVDB	id:	67660	Trust: 1.6
db:	JVNDB	id:	JVNDB-2010-004295	Trust: 0.8
db:	FULLDISC	id:	20100505 KHOBE - 8.0 EARTHQUAKE FOR WINDOWS DESKTOP SECURITY SOFTWARE	Trust: 0.6
db:	BUGTRAQ	id:	20100505 KHOBE - 8.0 EARTHQUAKE FOR WINDOWS DESKTOP SECURITY SOFTWARE	Trust: 0.6
db:	CNNVD	id:	CNNVD-201208-485	Trust: 0.6

sources: BID: 39924 // JVNDB: JVNDB-2010-004295 // CNNVD: CNNVD-201208-485 // NVD: CVE-2010-5157

REFERENCES

url:	http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/	Trust: 2.4
url:	http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php	Trust: 2.4
url:	http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php	Trust: 2.4
url:	http://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-41149672916-released-t57051.0.html	Trust: 1.9
url:	http://www.securityfocus.com/bid/39924	Trust: 1.6
url:	http://www.osvdb.org/67660	Trust: 1.6
url:	http://www.osvdb.org/65254	Trust: 1.6
url:	http://www.f-secure.com/weblog/archives/00001949.html	Trust: 1.6
url:	http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/	Trust: 1.6
url:	http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html	Trust: 1.6
url:	http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5157	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5157	Trust: 0.8
url:	http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php	Trust: 0.3
url:	http://www.matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php	Trust: 0.3

sources: BID: 39924 // JVNDB: JVNDB-2010-004295 // CNNVD: CNNVD-201208-485 // NVD: CVE-2010-5157

CREDITS

matousec.com

Trust: 0.3

sources: BID: 39924

SOURCES

db:	BID	id:	39924
db:	JVNDB	id:	JVNDB-2010-004295
db:	CNNVD	id:	CNNVD-201208-485
db:	NVD	id:	CVE-2010-5157

LAST UPDATE DATE

2022-05-04T08:45:24.663000+00:00

SOURCES UPDATE DATE

db:	BID	id:	39924	date:	2015-04-13T21:02:00
db:	JVNDB	id:	JVNDB-2010-004295	date:	2012-09-05T00:00:00
db:	CNNVD	id:	CNNVD-201208-485	date:	2012-08-27T00:00:00
db:	NVD	id:	CVE-2010-5157	date:	2012-08-27T04:00:00

SOURCES RELEASE DATE

db:	BID	id:	39924	date:	2010-05-05T00:00:00
db:	JVNDB	id:	JVNDB-2010-004295	date:	2012-09-05T00:00:00
db:	CNNVD	id:	CNNVD-201208-485	date:	2012-08-27T00:00:00
db:	NVD	id:	CVE-2010-5157	date:	2012-08-25T21:55:00