CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2006-7160
https://notcve.org/view.php?id=CVE-2006-7160
The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions. El controlador Sandbox.sys de Outpost Firewall PRO versión 4.0, y posiblemente versiones anteriores, no comprueba argumentos para funciones SSDT enlazadas, permite a usuarios locales causar una denegación de servicio (bloqueo) mediante argumentos no válidos para las funciones (1) NtAssignProcessToJobObject, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver y (12) NtWriteVirtualMemory. • http://secunia.com/advisories/22913 http://securityreason.com/securityalert/2376 http://www.matousec.com/info/advisories/Outpost-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php http://www.securityfocus.com/archive/1/451672/100/0/threaded http://www.securityfocus.com/bid/21097 http://www.vupen.com/english/advisories/2006/4537 https://exchange.xforce.ibmcloud.com/vulnerabilities/30312 • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 1CVE-2006-3696 – Agnitum Outpost Firewall 3.5.631 - 'FiltNT.SYS' Local Denial of Service
https://notcve.org/view.php?id=CVE-2006-3696
filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows local users to cause a denial of service (crash) via long arguments to mshta.exe. filtnt.sys en Outpost Firewall Pro before 3.51.759.6511 (462) permite a usuarios locales provocar denegación de servicio (caida) a través de argumentos en mshta.exe. • https://www.exploit-db.com/exploits/28232 http://secunia.com/advisories/21095 http://securityreason.com/securityalert/1247 http://www.securityfocus.com/archive/1/440427 http://www.securityfocus.com/bid/19026 http://www.vupen.com/english/advisories/2006/2853 https://exchange.xforce.ibmcloud.com/vulnerabilities/27840 •