CVE-2010-5167

Severity Score

*CVSS v3

Exploit Likelihood

< 1%

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Race condition in Norman Security Suite PRO 8.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

** EN DISPUTA ** Condición de carrera en Norman Security Suite PRO v8.0 sobre Windows XP permite a usuarios locales evitar manejadores de kernel-mode hook, y ejecutar código malicioso que podría ser bloquedo por un manejador pero no por un detector de malware signature-based, a través de ciertos cambios en memoria user-space durante la ejecución de hook-handler , también conocido por argument-switch attack o ataque KHOBE. Nota: este problema está en disputa por terceras partes.

*Credits: N/A

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

High

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-08-25 CVE Reserved
2012-08-25 CVE Published
2024-09-16 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (9)

URL	Tag	Source
http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html	Mailing List
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html	Mailing List
http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk	X_refsource_misc
http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-s...	X_refsource_misc
http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-sec...	X_refsource_misc
http://www.f-secure.com/weblog/archives/00001949.html	X_refsource_misc
http://www.osvdb.org/67660	Vdb Entry
http://www.securityfocus.com/bid/39924	Vdb Entry
http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass	X_refsource_misc

1 - 9 of 9

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions (1)

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Norman Search vendor "Norman"	Security Suite Search vendor "Norman" for product "Security Suite"	8.0 Search vendor "Norman" for product "Security Suite" and version "8.0"	pro	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	-	Safe

1 - 1 of 1