2 results (0.001 seconds)

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 1

Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors. Vulnerabilidad no especificada en Norman Security Suite 10.1 y anteriores permite a usuarios locales ganar privilegios a través de vectores desconocidos. • https://github.com/tandasat/CVE-2014-0816 http://jvn.jp/en/jp/JVN02017463/995510/index.html http://jvn.jp/en/jp/JVN02017463/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000026 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0

Race condition in Norman Security Suite PRO 8.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute ** EN DISPUTA ** Condición de carrera en Norman Security Suite PRO v8.0 sobre Windows XP permite a usuarios locales evitar manejadores de kernel-mode hook, y ejecutar código malicioso que podría ser bloquedo por un manejador pero no por un detector de malware signature-based, a través de ciertos cambios en memoria user-space durante la ejecución de hook-handler , también conocido por argument-switch attack o ataque KHOBE. Nota: este problema está en disputa por terceras partes. • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php http://www.f-secure.com/weblog/archives/00001949.html http://www.osvdb.org/67660 http://www.securit • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •