Sign-up

ID

VAR-201208-0060


CVE

CVE-2010-5184


TITLE

Windows XP Run on ZoneAlarm Extreme Security Kernel mode hook handler bypass vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-005720

DESCRIPTION

Race condition in ZoneAlarm Extreme Security 9.1.507.000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. ** Unsettled ** This case has not been confirmed as a vulnerability. This vulnerability is also known as argument-switch Attack, or KHOBE It is called an attack

Trust: 1.71

sources: NVD: CVE-2010-5184 // JVNDB: JVNDB-2010-005720 // VULHUB: VHN-47789

AFFECTED PRODUCTS

vendor:checkpointmodel:zonealarm extreme securityscope:eqversion:9.1.507.000

Trust: 1.0

vendor:check pointmodel:zonealarm extreme securityscope:eqversion:9.1.507.000

Trust: 0.8

sources: JVNDB: JVNDB-2010-005720 // NVD: CVE-2010-5184

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-5184
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-5184
value: MEDIUM

Trust: 0.8

VULHUB: VHN-47789
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-5184
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-47789
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-47789 // JVNDB: JVNDB-2010-005720 // NVD: CVE-2010-5184

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.9

sources: VULHUB: VHN-47789 // JVNDB: JVNDB-2010-005720 // NVD: CVE-2010-5184

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-201208-727

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-005720

PATCH
title:Top Pageurl:http://www.zonealarm.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-005720

EXTERNAL IDS
db:BIDid:39924
Trust: 2.5
db:NVDid:CVE-2010-5184
Trust: 2.5
db:OSVDBid:67660
Trust: 1.1
db:JVNDBid:JVNDB-2010-005720
Trust: 0.8
db:CNNVDid:CNNVD-201208-727
Trust: 0.6
db:VULHUBid:VHN-47789
Trust: 0.1
sources:
            
            
            VULHUB: VHN-47789 // 
            
            
            
            JVNDB: JVNDB-2010-005720 // 
            
            
            
            CNNVD: CNNVD-201208-727 // 
            
            
            
            NVD: CVE-2010-5184

REFERENCES
url:http://www.securityfocus.com/bid/39924
Trust: 2.5
url:http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/
Trust: 2.5
url:http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html
Trust: 1.7
url:http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html
Trust: 1.7
url:http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/
Trust: 1.7
url:http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php
Trust: 1.7
url:http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php
Trust: 1.7
url:http://www.f-secure.com/weblog/archives/00001949.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2010-5184
Trust: 1.4
url:http://www.osvdb.org/67660
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5184
Trust: 0.8
sources:
            
            
            VULHUB: VHN-47789 // 
            
            
            
            JVNDB: JVNDB-2010-005720 // 
            
            
            
            CNNVD: CNNVD-201208-727 // 
            
            
            
            NVD: CVE-2010-5184

SOURCES
db:VULHUBid:VHN-47789
db:JVNDBid:JVNDB-2010-005720
db:CNNVDid:CNNVD-201208-727
db:NVDid:CVE-2010-5184

LAST UPDATE DATE
2024-11-23T21:46:11.672000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-47789date:2012-09-05T00:00:00
db:JVNDBid:JVNDB-2010-005720date:2019-07-29T00:00:00
db:CNNVDid:CNNVD-201208-727date:2021-11-30T00:00:00
db:NVDid:CVE-2010-5184date:2024-11-21T01:22:40.537

SOURCES RELEASE DATE
db:VULHUBid:VHN-47789date:2012-08-25T00:00:00
db:JVNDBid:JVNDB-2010-005720date:2019-07-29T00:00:00
db:CNNVDid:CNNVD-201208-727date:2012-08-25T00:00:00
db:NVDid:CVE-2010-5184date:2012-08-25T21:55:04.023