CVE-2010-5152
https://notcve.org/view.php?id=CVE-2010-5152
Race condition in AVG Internet Security 9.0.791 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute ** EN DISPUTA ** Condición de Carrera en AVG Internet Security v9.0.791 para Windows XP permite a usuarios locales eludir los manejadores de hooks a nivel de kernel, y ejecutar código peligroso que de otra manera sería bloqueada por el manejador y no por una detección basada en firma de malware. Esto se consigue a través de ciertos cambios en la memoria de espacio de usuario durante la ejecución del manejador de hooks. Se trata de un problema también conocido como un ataque argument-switch o un ataque KHOBE. NOTA: este problema es discutido por algunos, ya que es un defecto en un mecanismo de protección para situaciones en las que un programa hecho a mano ya ha comenzado a ejecutarse. • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php http://www.f-secure.com/weblog/archives/00001949.html http://www.osvdb.org/67660 http://www.securit • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2009-1782
https://notcve.org/view.php?id=CVE-2009-1782
Multiple F-Secure anti-virus products, including Anti-Virus for Microsoft Exchange 7.10 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, Windows 6.61 and earlier, and Linux 2.16 and earlier; Internet Security 2009 and earlier, Anti-Virus 2009 and earlier, Client Security 8.0 and earlier, and others; allow remote attackers to bypass malware detection via a crafted (1) ZIP and (2) RAR archive. Múltiples productos antivirus F-Secure, incluidos: Anti-Virus for Microsoft Exchange v7.10 y anteriores; Internet Gatekeeper for Windows v6.61 y anteriores, Windows v6.61 y anteriores, y Linux v2.16 y anteriores; Internet Security 2009 y anteriores, Anti-Virus 2009 y anteriores, Client Security v8.0 y anteriores y otros; permiten a atacantes remotos saltar la detección de software malicioso mediante archivos (1) .ZIP y (2) .RAR manipulados. • http://secunia.com/advisories/35008 http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html http://www.securityfocus.com/bid/34849 http://www.securitytracker.com/id?1022170 http://www.securitytracker.com/id?1022171 http://www.securitytracker.com/id?1022172 http://www.vupen.com/english/advisories/2009/1262 https://exchange.xforce.ibmcloud.com/vulnerabilities/50346 •
CVE-2008-5409 – BitDefender - Module pdf.xmd Infinite Loop Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2008-5409
Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. NOTE: some of these details are obtained from third party information. Vulnerabilidad sin especificar en el módulo pdf.xmd en (1) BitDefender Free Edition 10 y Antivirus Standard 10, (2) BullGuard Internet Security v8.5, y (3) Software602 Groupware Server v6.0.08.1118, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de un archivo PDF manipulado, seguramente relacionado con la inclusión de flujos comprimidos que son procesados con el filtro ASCIIHexDecode. NOTA: algunos de éstos detalles han sido obtenidos a partir de terceros. • https://www.exploit-db.com/exploits/7178 http://milw0rm.com/sploits/2008-BitDefenderDOS.zip http://osvdb.org/50010 http://osvdb.org/50103 http://osvdb.org/50205 http://secunia.com/advisories/27805 http://secunia.com/advisories/32789 http://secunia.com/advisories/32814 http://www.securityfocus.com/bid/32396 https://exchange.xforce.ibmcloud.com/vulnerabilities/46750 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •