CVE-2010-5179

Severity Score

6.2

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Race condition in Trend Micro Internet Security Pro 2010 17.50.1647.0000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

** EN DISPUTA ** Condición de carrera en Trend Micro Internet Security Pro 2010 v17.50.1647.0000 sobre Windows XP permite a usuarios locales evitar manejadores de kernel-mode hook, y ejecutar código malicioso que podría ser bloquedo por un manejador pero no por un detector de malware signature-based, a través de ciertos cambios en memoria user-space durante la ejecución de hook-handler , también conocido por argument-switch attack o ataque KHOBE. Nota: este problema está en disputa por terceras partes.

*Credits: N/A

CVSS Scores

NISTv2 6.2

Attack Vector

Local

Attack Complexity

High

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-08-25 CVE Reserved
2012-08-25 CVE Published
2023-03-08 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (9)

URL	Tag	Source
http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html	Mailing List
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html	Mailing List
http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk	X_refsource_misc
http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php	X_refsource_misc
http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php	X_refsource_misc
http://www.f-secure.com/weblog/archives/00001949.html	X_refsource_misc
http://www.osvdb.org/67660	Vdb Entry
http://www.securityfocus.com/bid/39924	Vdb Entry
http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Trendmicro Search vendor "Trendmicro"	Internet Security 2010 Search vendor "Trendmicro" for product "Internet Security 2010"	17.50.1647.0000 Search vendor "Trendmicro" for product "Internet Security 2010" and version "17.50.1647.0000"	professional	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	-	Safe