CVE-2008-5522
https://notcve.org/view.php?id=CVE-2008-5522
AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. AVG Anti-Virus v8.0.0.161, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detección de malware en un documento HTML colocando una cabecera MZ (alias "EXE info") al principio, y modificar el nombre del archivo a (1 ) sin extensión, (2) una extensión. txt, o (3) una extensión .jpg, como lo demuestra un documento que contiene un exploit CVE-2006-5745. • http://securityreason.com/securityalert/4723 http://www.securityfocus.com/archive/1/498995/100/0/threaded http://www.securityfocus.com/archive/1/499043/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/47435 • CWE-20: Improper Input Validation •
CVE-2006-6619 – Multiple Vendor Firewall - HIPS Process Spoofing
https://notcve.org/view.php?id=CVE-2006-6619
AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. AVG Anti-Virus plus Firewall 7.5.431 depende del Process Environment Block (PEB) para la identificación de un proceso, el cual permite a usuarios locales evitar los controles del producto en el proceso mediante la simulación de los campos (1) ImagePathName, (2) CommandLine y(3) WindowTitle en el PEB • https://www.exploit-db.com/exploits/29287 http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php http://www.securityfocus.com/archive/1/454522/100/0/threaded http://www.securityfocus.com/bid/21615 •
CVE-2006-6622
https://notcve.org/view.php?id=CVE-2006-6622
Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. Soft4Ever Look 'n' Stop (LnS) 2.05p2 en versiones anteriores a 20061215 depende del Process Environment Block (PEB) para la identificación de un proceso, el cual permite a usuarios locales evitar los controles del producto en el proceso mediante la simulación de los campos (1) ImagePathName, (2) CommandLine y(3) WindowTitle en el PEB. • http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php http://www.securityfocus.com/archive/1/454522/100/0/threaded http://www.securityfocus.com/bid/21615 http://www.wilderssecurity.com/showthread.php?t=158155 •
CVE-2006-6620
https://notcve.org/view.php?id=CVE-2006-6620
Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. Comodo Personal Firewall 2.3.6.81 depende del Process Environment Block (PEB) para la identificación de un proceso, el cual permite a usuarios locales evitar los controles del producto en el proceso mediante la simulación de los campos (1) ImagePathName, (2) CommandLine y(3) WindowTitle en el PEB. • http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php http://www.securityfocus.com/archive/1/454522/100/0/threaded http://www.securityfocus.com/bid/21615 •
CVE-2006-6618
https://notcve.org/view.php?id=CVE-2006-6618
AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. AntiHook 3.0.0.23 - El escritorio depende del Process Environment Block (PEB) para la identificación de un proceso, el cual permite a usuarios locales evitar los controles del producto en el proceso mediante la simulación de los campos (1) ImagePathName, (2) CommandLine y(3) WindowTitle en el PEB • http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php http://www.securityfocus.com/archive/1/454522/100/0/threaded http://www.securityfocus.com/bid/21615 •