CVE-2010-5184

Severity Score

6.2

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Race condition in ZoneAlarm Extreme Security 9.1.507.000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

** EN DISPUTA ** Condición de carrera en ZoneAlarm Extreme Security v9.1.507.000 sobre Windows XP permite a usuarios locales evitar kernel-mode hook handlers, y ejecutar código peligroso que podría entre otras cosas ser bloqueado por un manejador pero no bloqueado por un detector de malware signature-based, a través de ciertos user-space cambios de memoria durante la ejecución de hook-handler execution, también conocido como un ataque argument-switch o KHOBE. NOTA: esta problema está en disputa por terceras partes.

*Credits: N/A

CVSS Scores

NISTv2 6.2

Attack Vector

Local

Attack Complexity

High

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-08-25 CVE Reserved
2012-08-25 CVE Published
2023-03-08 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (9)

URL	Tag	Source
http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html	Mailing List
http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html	Mailing List
http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk	X_refsource_misc
http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php	X_refsource_misc
http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php	X_refsource_misc
http://www.f-secure.com/weblog/archives/00001949.html	X_refsource_misc
http://www.osvdb.org/67660	Vdb Entry
http://www.securityfocus.com/bid/39924	Vdb Entry
http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Checkpoint Search vendor "Checkpoint"	Zonealarm Extreme Security Search vendor "Checkpoint" for product "Zonealarm Extreme Security"	9.1.507.000 Search vendor "Checkpoint" for product "Zonealarm Extreme Security" and version "9.1.507.000"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	-	Safe