CVE-2010-5164

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

** EN DISPUTA** Condición de carrera en Kingsoft Personal Firewall 9 Plus v2009.05.07.70 en Windows XP permite a usuarios locales eludir los manejadores de ganchos (hook handlers) de modo kernel, y ejecutar código peligroso que de otra forma sería bloqueado por un manejador y no por la detección de la firma de malware. Esto se consigue a través de ciertos cambios en la memoria de espacio de usuario durante la ejecución del manejador de gancho, también conocido como ataque argument-switch o ataque KHOBE. NOTA: este problema es discutido por algunos, ya que es un defecto en un mecanismo de protección para situaciones en las que un programa hecho a mano ya ha comenzado a ejecutarse.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Attack Vector

Local

Attack Complexity

High

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2012-08-25 CVE Reserved
2012-08-25 CVE Published
2023-03-08 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (9)

URL	Tag	Source
http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html	Mailing List
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html	Mailing List
http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk	X_refsource_misc
http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php	X_refsource_misc
http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php	X_refsource_misc
http://www.f-secure.com/weblog/archives/00001949.html	X_refsource_misc
http://www.osvdb.org/67660	Vdb Entry
http://www.securityfocus.com/bid/39924	Vdb Entry
http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Kingsoft Search vendor "Kingsoft"	Personal Firewall 9 Search vendor "Kingsoft" for product "Personal Firewall 9"	2009.05.07.70 Search vendor "Kingsoft" for product "Personal Firewall 9" and version "2009.05.07.70"	plus	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	-	Safe