| ID |
CVE-2004-1658
|
| Summary |
Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to \device\physicalmemory to restore the running kernel's SDT ServiceTable. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:kerio:personal_firewall:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.6:*:*:*:*:*:*:*
-
cpe:2.3:a:kerio:personal_firewall:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.7:*:*:*:*:*:*:*
-
cpe:2.3:a:kerio:personal_firewall:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.8:*:*:*:*:*:*:*
-
cpe:2.3:a:kerio:personal_firewall:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.9:*:*:*:*:*:*:*
-
cpe:2.3:a:kerio:personal_firewall:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.10:*:*:*:*:*:*:*
-
cpe:2.3:a:kerio:personal_firewall:4.0.16:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.16:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 4.6 (as of 11-07-2017 - 01:31) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| refmap
via4
|
| bid | 11096 | | bugtraq | 20040902 Kerio Personal Firewall's Application Launch Protection Can Be Disabled by Direct Service Table Restoration | | misc | http://www.security.org.sg/vuln/kerio4016.html | | secunia | 12468 | | xf | kerio-pf-protection-dos(17270) |
|
| Last major update |
11-07-2017 - 01:31 |
| Published |
02-09-2004 - 04:00 |
| Last modified |
11-07-2017 - 01:31 |
