
    18 vulnerabilities by infoprocess

    VAR-200612-0206

    Vulnerability from variot - Updated: 2023-12-18 12:32

    Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. The PEB is stored in the process's own user-mode memory, so the process can rewrite these fields itself. Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to this process-spoofing vulnerability. An attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim's computer. The following software is vulnerable; other versions may also be affected: InfoProcess AntiHook version 3.0.0.23; AVG Anti-Virus plus Firewall version 7.5.431; Comodo Personal Firewall version 2.3.6.81; Filseclab Personal Firewall version 3.0.0.8686; Look 'n' Stop Personal Firewall version 2.05p2; Symantec Sygate Personal Firewall version 5.6.2808. These are all very popular firewalls. Multiple host security products have flaws in how they process user-mode process information, and attackers may use these flaws to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce security on a per-process basis must be able to identify processes attempting to perform privileged operations. Remote attackers can use spoofed processes to bypass the control of security checks (note that the CVSS vector and threat type recorded for this entry are local). The spoofable PEB fields include (1) the image path name, (2) the command line, and (3) the window title.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200612-0206",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "personal firewall",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "comodo",
            "version": "2.3.6.81"
          },
          {
            "model": "sygate personal firewall",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "symantec",
            "version": "5.6.2808"
          },
          {
            "model": "antihook",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "infoprocess",
            "version": "3.0.23"
          },
          {
            "model": "personal firewall",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "filseclab",
            "version": "3.0.8686"
          },
          {
            "model": "look n stop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "soft4ever",
            "version": "2.05p2"
          },
          {
            "model": "antivirus plus firewall",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "avg",
            "version": "7.5.431"
          },
          {
            "model": "\u0027n\u0027 stop look \u0027n\u0027 stop 2.05p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "look",
            "version": null
          },
          {
            "model": "anti-virus plus firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avg",
            "version": "7.5.431"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001770"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6620"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-385"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:soft4ever:look_n_stop:2.05p2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:symantec:sygate_personal_firewall:5.6.2808:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avg:antivirus_plus_firewall:7.5.431:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:comodo:comodo_personal_firewall:2.3.6.81:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:filseclab:personal_firewall:3.0.8686:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:infoprocess:antihook:3.0.23:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6620"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Matousec http://www.matousec.com/",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-385"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-6620",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": true,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2006-6620",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-22728",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2006-6620",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200612-385",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-22728",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22728"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001770"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6620"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-385"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. (1) PEB Inside ImagePathName (2) PEB Inside CommandLine (3) PEB Inside WindowTitle field. Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to a process-spoofing vulnerability. \nAn attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim\u0027s computer. \nThe following software is vulnerable; other versions may also be affected:\nInfoProcess AntiHook version 3.0.0.23\nAVG Anti-Virus plus Firewall version 7.5.431\nComodo Personal Firewall version 2.3.6.81\nFilseclab Personal Firewall version 3.0.0.8686\nLook \u0027n\u0027 Stop Personal Firewall version 2.05p2\nSymantec Sygate Personal Firewall version 5.6.2808. are all very popular firewalls. There are loopholes in the processing of user-mode process information in multiple host security software, and attackers may use this loophole to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce security on a per-process basis must be able to identify processes attempting to perform privileged operations. Remote attackers can use spoofed processes to bypass the control of security checks. Including (1) image directory name, (2) command line, and (3) WINDOWS header text in PEB",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6620"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001770"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "VULHUB",
            "id": "VHN-22728"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-6620",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "21615",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001770",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-385",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20061215 BYPASSING PROCESS IDENTIFICATION OF SEVERAL PERSONAL FIREWALLS AND HIPS",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-22728",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22728"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001770"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6620"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-385"
          }
        ]
      },
      "id": "VAR-200612-0206",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22728"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:32:32.880000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.comodo.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001770"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6620"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/21615"
          },
          {
            "trust": 1.7,
            "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
          },
          {
            "trust": 1.7,
            "url": "http://www.matousec.com/info/advisories/bypassing-process-identification-serveral-personal-firewalls-hips.php"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6620"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6620"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/454522/100/0/threaded"
          },
          {
            "trust": 0.3,
            "url": "http://www.infoprocess.com.au/antihook.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.grisoft.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.comodo.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.google.ca/url?sa=t\u0026ct=res\u0026cd=1\u0026url=http%3a%2f%2fwww.filseclab.com%2feng%2fproducts%2ffirewall.htm\u0026ei=d_6crfdcapuwnqptjcb_\u0026usg=__uqizxyyvwb4dlpaaogel8nftkja=\u0026sig2=riufvoqmxrfqyl4h1bsrzq"
          },
          {
            "trust": 0.3,
            "url": "http://www.symantec.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.google.ca/url?sa=t\u0026ct=res\u0026cd=1\u0026url=http%3a%2f%2fwww.looknstop.com%2f\u0026ei=m_6crfl8n6cunqp5wef7\u0026usg=__ufqwvzzztduykujwzxq2euu_xna=\u0026sig2=1vrohasxv2wrxkwcut7fua"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/454522"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22728"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001770"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6620"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-385"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-22728"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001770"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6620"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-385"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-12-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-22728"
          },
          {
            "date": "2006-12-15T00:00:00",
            "db": "BID",
            "id": "21615"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-001770"
          },
          {
            "date": "2006-12-18T11:28:00",
            "db": "NVD",
            "id": "CVE-2006-6620"
          },
          {
            "date": "2006-12-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200612-385"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-22728"
          },
          {
            "date": "2006-12-15T21:18:00",
            "db": "BID",
            "id": "21615"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-001770"
          },
          {
            "date": "2018-10-17T21:49:17.223000",
            "db": "NVD",
            "id": "CVE-2006-6620"
          },
          {
            "date": "2007-02-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200612-385"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-385"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Comodo Personal Firewall Vulnerabilities that prevent process product control on process",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001770"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access verification error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-385"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200612-0209

    Vulnerability from variot - Updated: 2023-12-18 12:32

    Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. The PEB is stored in the process's own user-mode memory, so the process can rewrite these fields itself. Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to this process-spoofing vulnerability. An attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim's computer. The following software is vulnerable; other versions may also be affected: InfoProcess AntiHook version 3.0.0.23; AVG Anti-Virus plus Firewall version 7.5.431; Comodo Personal Firewall version 2.3.6.81; Filseclab Personal Firewall version 3.0.0.8686; Look 'n' Stop Personal Firewall version 2.05p2; Symantec Sygate Personal Firewall version 5.6.2808. These are all very popular firewalls. Multiple host security products have flaws in how they process user-mode process information, and attackers may use these flaws to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce security on a per-process basis must be able to identify processes attempting to perform privileged operations. Remote attackers can use spoofed processes to bypass the control of security checks (note that the opening sentence of this description specifies local users). The spoofable PEB fields include (1) the image path name, (2) the command line, and (3) the window title.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200612-0209",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "sygate personal firewall",
            "scope": "eq",
            "trust": 2.7,
            "vendor": "symantec",
            "version": "5.6.2808"
          },
          {
            "model": "antihook",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "infoprocess",
            "version": "3.0.23"
          },
          {
            "model": "personal firewall",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "filseclab",
            "version": "3.0.8686"
          },
          {
            "model": "personal firewall",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "comodo",
            "version": "2.3.6.81"
          },
          {
            "model": "look n stop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "soft4ever",
            "version": "2.05p2"
          },
          {
            "model": "antivirus plus firewall",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "avg",
            "version": "7.5.431"
          },
          {
            "model": "\u0027n\u0027 stop look \u0027n\u0027 stop 2.05p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "look",
            "version": null
          },
          {
            "model": "anti-virus plus firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avg",
            "version": "7.5.431"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001773"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6623"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-397"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:avg:antivirus_plus_firewall:7.5.431:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:comodo:comodo_personal_firewall:2.3.6.81:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:soft4ever:look_n_stop:2.05p2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:symantec:sygate_personal_firewall:5.6.2808:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:filseclab:personal_firewall:3.0.8686:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:infoprocess:antihook:3.0.23:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6623"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Matousec http://www.matousec.com/",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-397"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-6623",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": true,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2006-6623",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-22731",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2006-6623",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200612-397",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-22731",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22731"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001773"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6623"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-397"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to a process-spoofing vulnerability. \nAn attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim\u0027s computer. \nThe following software is vulnerable; other versions may also be affected:\nInfoProcess AntiHook version 3.0.0.23\nAVG Anti-Virus plus Firewall version 7.5.431\nComodo Personal Firewall version 2.3.6.81\nFilseclab Personal Firewall version 3.0.0.8686\nLook \u0027n\u0027 Stop Personal Firewall version 2.05p2\nSymantec Sygate Personal Firewall version 5.6.2808. are all very popular firewalls. There are loopholes in the processing of user-mode process information in multiple host security software, and attackers may use this loophole to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce security on a per-process basis must be able to identify processes attempting to perform privileged operations. Remote attackers can use spoofed processes to bypass the control of security checks. Including (1) image directory name, (2) command line, and (3) WINDOWS header text in PEB",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6623"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001773"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "VULHUB",
            "id": "VHN-22731"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-6623",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "21615",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001773",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-397",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20061215 BYPASSING PROCESS IDENTIFICATION OF SEVERAL PERSONAL FIREWALLS AND HIPS",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-22731",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22731"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001773"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6623"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-397"
          }
        ]
      },
      "id": "VAR-200612-0209",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22731"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:32:32.850000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.symantec.com/index.jsp"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001773"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6623"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/21615"
          },
          {
            "trust": 1.7,
            "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
          },
          {
            "trust": 1.7,
            "url": "http://www.matousec.com/info/advisories/bypassing-process-identification-serveral-personal-firewalls-hips.php"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6623"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6623"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/454522/100/0/threaded"
          },
          {
            "trust": 0.3,
            "url": "http://www.infoprocess.com.au/antihook.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.grisoft.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.comodo.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.google.ca/url?sa=t\u0026ct=res\u0026cd=1\u0026url=http%3a%2f%2fwww.filseclab.com%2feng%2fproducts%2ffirewall.htm\u0026ei=d_6crfdcapuwnqptjcb_\u0026usg=__uqizxyyvwb4dlpaaogel8nftkja=\u0026sig2=riufvoqmxrfqyl4h1bsrzq"
          },
          {
            "trust": 0.3,
            "url": "http://www.symantec.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.google.ca/url?sa=t\u0026ct=res\u0026cd=1\u0026url=http%3a%2f%2fwww.looknstop.com%2f\u0026ei=m_6crfl8n6cunqp5wef7\u0026usg=__ufqwvzzztduykujwzxq2euu_xna=\u0026sig2=1vrohasxv2wrxkwcut7fua"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/454522"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22731"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001773"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6623"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-397"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-22731"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001773"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6623"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-397"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-12-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-22731"
          },
          {
            "date": "2006-12-15T00:00:00",
            "db": "BID",
            "id": "21615"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-001773"
          },
          {
            "date": "2006-12-18T11:28:00",
            "db": "NVD",
            "id": "CVE-2006-6623"
          },
          {
            "date": "2006-12-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200612-397"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-22731"
          },
          {
            "date": "2006-12-15T21:18:00",
            "db": "BID",
            "id": "21615"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-001773"
          },
          {
            "date": "2018-10-17T21:49:18.067000",
            "db": "NVD",
            "id": "CVE-2006-6623"
          },
          {
            "date": "2007-02-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200612-397"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-397"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Sygate Personal Firewall Vulnerability that bypasses ongoing product control",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001773"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access verification error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-397"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200612-0204

    Vulnerability from variot - Updated: 2023-12-18 12:32

    AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. The affected fields are (1) ImagePathName, (2) CommandLine, and (3) WindowTitle, all inside the PEB. Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to a process-spoofing vulnerability. An attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim's computer. The following software is vulnerable; other versions may also be affected: InfoProcess AntiHook version 3.0.0.23; AVG Anti-Virus plus Firewall version 7.5.431; Comodo Personal Firewall version 2.3.6.81; Filseclab Personal Firewall version 3.0.0.8686; Look 'n' Stop Personal Firewall version 2.05p2; Symantec Sygate Personal Firewall version 5.6.2808. These are all very popular firewalls. Several host security products mishandle user-mode process information, and attackers may use this flaw to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce security on a per-process basis must be able to identify processes attempting to perform privileged operations; because the PEB is held in the process's own user-mode memory, the process can rewrite these fields, so they are not a trustworthy basis for that identification. A remote attacker can use the spoofed process to bypass the control of the security check, although the first sentence of this description and the record's CVSS vector (AV:L) describe local access. The spoofed PEB data includes (1) the image path name, (2) the command line, and (3) the window title.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200612-0204",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "sygate personal firewall",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "symantec",
            "version": "5.6.2808"
          },
          {
            "model": "antihook",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "infoprocess",
            "version": "3.0.23"
          },
          {
            "model": "personal firewall",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "filseclab",
            "version": "3.0.8686"
          },
          {
            "model": "personal firewall",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "comodo",
            "version": "2.3.6.81"
          },
          {
            "model": "look n stop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "soft4ever",
            "version": "2.05p2"
          },
          {
            "model": "antivirus plus firewall",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "avg",
            "version": "7.5.431"
          },
          {
            "model": "antihook",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "infoprocess",
            "version": "3.0.0.23"
          },
          {
            "model": "\u0027n\u0027 stop look \u0027n\u0027 stop 2.05p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "look",
            "version": null
          },
          {
            "model": "anti-virus plus firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avg",
            "version": "7.5.431"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001768"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6618"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-391"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:comodo:comodo_personal_firewall:2.3.6.81:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:filseclab:personal_firewall:3.0.8686:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avg:antivirus_plus_firewall:7.5.431:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:infoprocess:antihook:3.0.23:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:soft4ever:look_n_stop:2.05p2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:symantec:sygate_personal_firewall:5.6.2808:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6618"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Matousec http://www.matousec.com/",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-391"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-6618",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": true,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2006-6618",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-22726",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2006-6618",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200612-391",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-22726",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22726"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001768"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6618"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-391"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. (1) PEB Inside ImagePathName (2) PEB Inside CommandLine (3) PEB Inside WindowTitle field. Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to a process-spoofing vulnerability. \nAn attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim\u0027s computer. \nThe following software is vulnerable; other versions may also be affected:\nInfoProcess AntiHook version 3.0.0.23\nAVG Anti-Virus plus Firewall version 7.5.431\nComodo Personal Firewall version 2.3.6.81\nFilseclab Personal Firewall version 3.0.0.8686\nLook \u0027n\u0027 Stop Personal Firewall version 2.05p2\nSymantec Sygate Personal Firewall version 5.6.2808. are all very popular firewalls. There are loopholes in the processing of user-mode process information in multiple host security software, and attackers may use this loophole to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce security on a per-process basis must be able to identify processes attempting to perform privileged operations. A remote attacker can use the spoofed process to bypass the control of the security check. Including (1) the image directory name, (2) the command line, and (3) the WINDOWS header text in the PEB",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6618"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001768"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "VULHUB",
            "id": "VHN-22726"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-6618",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "21615",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001768",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-391",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20061215 BYPASSING PROCESS IDENTIFICATION OF SEVERAL PERSONAL FIREWALLS AND HIPS",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-22726",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22726"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001768"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6618"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-391"
          }
        ]
      },
      "id": "VAR-200612-0204",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22726"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:32:32.818000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.infoprocess.com.au/antihook.php"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001768"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6618"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/21615"
          },
          {
            "trust": 1.7,
            "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
          },
          {
            "trust": 1.7,
            "url": "http://www.matousec.com/info/advisories/bypassing-process-identification-serveral-personal-firewalls-hips.php"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6618"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6618"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/454522/100/0/threaded"
          },
          {
            "trust": 0.3,
            "url": "http://www.infoprocess.com.au/antihook.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.grisoft.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.comodo.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.google.ca/url?sa=t\u0026ct=res\u0026cd=1\u0026url=http%3a%2f%2fwww.filseclab.com%2feng%2fproducts%2ffirewall.htm\u0026ei=d_6crfdcapuwnqptjcb_\u0026usg=__uqizxyyvwb4dlpaaogel8nftkja=\u0026sig2=riufvoqmxrfqyl4h1bsrzq"
          },
          {
            "trust": 0.3,
            "url": "http://www.symantec.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.google.ca/url?sa=t\u0026ct=res\u0026cd=1\u0026url=http%3a%2f%2fwww.looknstop.com%2f\u0026ei=m_6crfl8n6cunqp5wef7\u0026usg=__ufqwvzzztduykujwzxq2euu_xna=\u0026sig2=1vrohasxv2wrxkwcut7fua"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/454522"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22726"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001768"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6618"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-391"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-22726"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001768"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6618"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-391"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-12-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-22726"
          },
          {
            "date": "2006-12-15T00:00:00",
            "db": "BID",
            "id": "21615"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-001768"
          },
          {
            "date": "2006-12-18T11:28:00",
            "db": "NVD",
            "id": "CVE-2006-6618"
          },
          {
            "date": "2006-12-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200612-391"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-22726"
          },
          {
            "date": "2006-12-15T21:18:00",
            "db": "BID",
            "id": "21615"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-001768"
          },
          {
            "date": "2018-10-17T21:49:16.660000",
            "db": "NVD",
            "id": "CVE-2006-6618"
          },
          {
            "date": "2007-02-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200612-391"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-391"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "AntiHook - Desktop Vulnerabilities that prevent process product control on process",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001768"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access verification error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-391"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200612-0207

    Vulnerability from variot - Updated: 2023-12-18 12:32

    Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to a process-spoofing vulnerability. An attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim's computer. The following software is vulnerable; other versions may also be affected: InfoProcess AntiHook version 3.0.0.23; AVG Anti-Virus plus Firewall version 7.5.431; Comodo Personal Firewall version 2.3.6.81; Filseclab Personal Firewall version 3.0.0.8686; Look 'n' Stop Personal Firewall version 2.05p2; Symantec Sygate Personal Firewall version 5.6.2808. These are all very popular firewalls. Several host security products have a flaw in how they process user-mode process information, and attackers may use this flaw to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce security on a per-process basis must be able to identify processes attempting to perform privileged operations. The PEB is user-mode data that the process itself can modify, so it is not a reliable basis for that identification. Remote attackers can use spoofed processes to bypass the security checks (note that the record's CVSS vector rates the access vector as local). The spoofed PEB fields include (1) the image path name, (2) the command line, and (3) the window title.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200612-0207",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "sygate personal firewall",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "symantec",
            "version": "5.6.2808"
          },
          {
            "model": "antihook",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "infoprocess",
            "version": "3.0.23"
          },
          {
            "model": "personal firewall",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "filseclab",
            "version": "3.0.8686"
          },
          {
            "model": "personal firewall",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "comodo",
            "version": "2.3.6.81"
          },
          {
            "model": "look n stop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "soft4ever",
            "version": "2.05p2"
          },
          {
            "model": "antivirus plus firewall",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "avg",
            "version": "7.5.431"
          },
          {
            "model": "personal firewall",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "filseclab",
            "version": "3.0.0.8686"
          },
          {
            "model": "\u0027n\u0027 stop look \u0027n\u0027 stop 2.05p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "look",
            "version": null
          },
          {
            "model": "anti-virus plus firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avg",
            "version": "7.5.431"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001771"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-399"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:symantec:sygate_personal_firewall:5.6.2808:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:comodo:comodo_personal_firewall:2.3.6.81:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:filseclab:personal_firewall:3.0.8686:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:infoprocess:antihook:3.0.23:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:soft4ever:look_n_stop:2.05p2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avg:antivirus_plus_firewall:7.5.431:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6621"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Matousec http://www.matousec.com/",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-399"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-6621",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": true,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2006-6621",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-22729",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2006-6621",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200612-399",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-22729",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22729"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001771"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-399"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to a process-spoofing vulnerability. \nAn attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim\u0027s computer. \nThe following software is vulnerable; other versions may also be affected:\nInfoProcess AntiHook version 3.0.0.23\nAVG Anti-Virus plus Firewall version 7.5.431\nComodo Personal Firewall version 2.3.6.81\nFilseclab Personal Firewall version 3.0.0.8686\nLook \u0027n\u0027 Stop Personal Firewall version 2.05p2\nSymantec Sygate Personal Firewall version 5.6.2808. are all very popular firewalls. There are loopholes in the processing of user-mode process information in multiple host security software, and attackers may use this loophole to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce security on a per-process basis must be able to identify processes attempting to perform privileged operations. Remote attackers can use spoofed processes to bypass the control of security checks. Including (1) image directory name, (2) command line, and (3) WINDOWS header text in PEB",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6621"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001771"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "VULHUB",
            "id": "VHN-22729"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-6621",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "21615",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001771",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-399",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20061215 BYPASSING PROCESS IDENTIFICATION OF SEVERAL PERSONAL FIREWALLS AND HIPS",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-22729",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22729"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001771"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-399"
          }
        ]
      },
      "id": "VAR-200612-0207",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22729"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:32:32.791000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.filseclab.com/eng/products/firewall.htm"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001771"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6621"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/21615"
          },
          {
            "trust": 1.7,
            "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
          },
          {
            "trust": 1.7,
            "url": "http://www.matousec.com/info/advisories/bypassing-process-identification-serveral-personal-firewalls-hips.php"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6621"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6621"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/454522/100/0/threaded"
          },
          {
            "trust": 0.3,
            "url": "http://www.infoprocess.com.au/antihook.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.grisoft.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.comodo.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.google.ca/url?sa=t\u0026ct=res\u0026cd=1\u0026url=http%3a%2f%2fwww.filseclab.com%2feng%2fproducts%2ffirewall.htm\u0026ei=d_6crfdcapuwnqptjcb_\u0026usg=__uqizxyyvwb4dlpaaogel8nftkja=\u0026sig2=riufvoqmxrfqyl4h1bsrzq"
          },
          {
            "trust": 0.3,
            "url": "http://www.symantec.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.google.ca/url?sa=t\u0026ct=res\u0026cd=1\u0026url=http%3a%2f%2fwww.looknstop.com%2f\u0026ei=m_6crfl8n6cunqp5wef7\u0026usg=__ufqwvzzztduykujwzxq2euu_xna=\u0026sig2=1vrohasxv2wrxkwcut7fua"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/454522"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22729"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001771"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-399"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-22729"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001771"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6621"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-399"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-12-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-22729"
          },
          {
            "date": "2006-12-15T00:00:00",
            "db": "BID",
            "id": "21615"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-001771"
          },
          {
            "date": "2006-12-18T11:28:00",
            "db": "NVD",
            "id": "CVE-2006-6621"
          },
          {
            "date": "2006-12-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200612-399"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-22729"
          },
          {
            "date": "2006-12-15T21:18:00",
            "db": "BID",
            "id": "21615"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-001771"
          },
          {
            "date": "2018-10-17T21:49:17.490000",
            "db": "NVD",
            "id": "CVE-2006-6621"
          },
          {
            "date": "2007-02-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200612-399"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-399"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Filseclab Personal Firewall Vulnerability that bypasses ongoing product control",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001771"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access verification error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-399"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200612-0208

    Vulnerability from variot - Updated: 2023-12-18 12:32

    Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. The PEB resides in the process's own user-mode memory, so a process can rewrite these fields itself; they are not a trustworthy basis for identifying it. Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to a process-spoofing vulnerability. An attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim's computer. The following software is vulnerable; other versions may also be affected: InfoProcess AntiHook version 3.0.0.23; AVG Anti-Virus plus Firewall version 7.5.431; Comodo Personal Firewall version 2.3.6.81; Filseclab Personal Firewall version 3.0.0.8686; Look 'n' Stop Personal Firewall version 2.05p2; Symantec Sygate Personal Firewall version 5.6.2808. These are all very popular firewalls. Several host security products handle user-mode process information incorrectly, and attackers may use this flaw to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce security on a per-process basis must be able to identify processes attempting to perform privileged operations. Remote attackers can bypass the security checks by spoofing the process, using (1) the image directory name, (2) the command line, and (3) the WINDOWS header text in the PEB, i.e. the ImagePathName, CommandLine and WindowTitle fields named above. (This last, translated sentence says "remote"; the CVE text at the start of this entry and the CVSS vector AV:L in the record below describe a local attacker.)


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200612-0208",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "sygate personal firewall",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "symantec",
            "version": "5.6.2808"
          },
          {
            "model": "antihook",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "infoprocess",
            "version": "3.0.23"
          },
          {
            "model": "personal firewall",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "filseclab",
            "version": "3.0.8686"
          },
          {
            "model": "personal firewall",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "comodo",
            "version": "2.3.6.81"
          },
          {
            "model": "look n stop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "soft4ever",
            "version": "2.05p2"
          },
          {
            "model": "antivirus plus firewall",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "avg",
            "version": "7.5.431"
          },
          {
            "model": "look n stop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "soft4ever",
            "version": "20061215"
          },
          {
            "model": "look n stop",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "soft4ever",
            "version": "2.05p2"
          },
          {
            "model": "\u0027n\u0027 stop look \u0027n\u0027 stop 2.05p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "look",
            "version": null
          },
          {
            "model": "anti-virus plus firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avg",
            "version": "7.5.431"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001772"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6622"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-386"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:avg:antivirus_plus_firewall:7.5.431:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:infoprocess:antihook:3.0.23:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:soft4ever:look_n_stop:2.05p2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:symantec:sygate_personal_firewall:5.6.2808:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:comodo:comodo_personal_firewall:2.3.6.81:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:filseclab:personal_firewall:3.0.8686:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6622"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Matousec http://www.matousec.com/",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-386"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-6622",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": true,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2006-6622",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-22730",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2006-6622",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200612-386",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-22730",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22730"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001772"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6622"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-386"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Soft4Ever Look \u0027n\u0027 Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to a process-spoofing vulnerability. \nAn attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim\u0027s computer. \nThe following software is vulnerable; other versions may also be affected:\nInfoProcess AntiHook version 3.0.0.23\nAVG Anti-Virus plus Firewall version 7.5.431\nComodo Personal Firewall version 2.3.6.81\nFilseclab Personal Firewall version 3.0.0.8686\nLook \u0027n\u0027 Stop Personal Firewall version 2.05p2\nSymantec Sygate Personal Firewall version 5.6.2808. are all very popular firewalls. There are loopholes in the processing of user-mode process information in multiple host security software, and attackers may use this loophole to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce security on a per-process basis must be able to identify processes attempting to perform privileged operations. Controls that allow remote attackers to bypass security checks by spoofing the process. Including (1) the image directory name, (2) the command line, and (3) the WINDOWS header text in the PEB",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6622"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001772"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "VULHUB",
            "id": "VHN-22730"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-6622",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "21615",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001772",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-386",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20061215 BYPASSING PROCESS IDENTIFICATION OF SEVERAL PERSONAL FIREWALLS AND HIPS",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-22730",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22730"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001772"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6622"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-386"
          }
        ]
      },
      "id": "VAR-200612-0208",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22730"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:32:32.764000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.looknstop.com/en/index2.htm"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001772"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6622"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/21615"
          },
          {
            "trust": 1.7,
            "url": "http://www.wilderssecurity.com/showthread.php?t=158155"
          },
          {
            "trust": 1.7,
            "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
          },
          {
            "trust": 1.7,
            "url": "http://www.matousec.com/info/advisories/bypassing-process-identification-serveral-personal-firewalls-hips.php"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6622"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6622"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/454522/100/0/threaded"
          },
          {
            "trust": 0.3,
            "url": "http://www.infoprocess.com.au/antihook.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.grisoft.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.comodo.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.google.ca/url?sa=t\u0026ct=res\u0026cd=1\u0026url=http%3a%2f%2fwww.filseclab.com%2feng%2fproducts%2ffirewall.htm\u0026ei=d_6crfdcapuwnqptjcb_\u0026usg=__uqizxyyvwb4dlpaaogel8nftkja=\u0026sig2=riufvoqmxrfqyl4h1bsrzq"
          },
          {
            "trust": 0.3,
            "url": "http://www.symantec.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.google.ca/url?sa=t\u0026ct=res\u0026cd=1\u0026url=http%3a%2f%2fwww.looknstop.com%2f\u0026ei=m_6crfl8n6cunqp5wef7\u0026usg=__ufqwvzzztduykujwzxq2euu_xna=\u0026sig2=1vrohasxv2wrxkwcut7fua"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/454522"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22730"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001772"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6622"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-386"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-22730"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001772"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6622"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-386"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-12-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-22730"
          },
          {
            "date": "2006-12-15T00:00:00",
            "db": "BID",
            "id": "21615"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-001772"
          },
          {
            "date": "2006-12-18T11:28:00",
            "db": "NVD",
            "id": "CVE-2006-6622"
          },
          {
            "date": "2006-12-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200612-386"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-22730"
          },
          {
            "date": "2006-12-15T21:18:00",
            "db": "BID",
            "id": "21615"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-001772"
          },
          {
            "date": "2018-10-17T21:49:17.757000",
            "db": "NVD",
            "id": "CVE-2006-6622"
          },
          {
            "date": "2007-02-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200612-386"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-386"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Soft4Ever LnS Vulnerability that bypasses ongoing product control",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001772"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access verification error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-386"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200612-0205

    Vulnerability from variot - Updated: 2023-12-18 12:32

    AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB, that is, (1) the ImagePathName, (2) the CommandLine, and (3) the WindowTitle field inside the PEB. The PEB resides in the process's own user-mode memory, so a process can rewrite these fields itself; they are not a trustworthy basis for identifying it. Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to a process-spoofing vulnerability. An attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim's computer. The following software is vulnerable; other versions may also be affected: InfoProcess AntiHook version 3.0.0.23; AVG Anti-Virus plus Firewall version 7.5.431; Comodo Personal Firewall version 2.3.6.81; Filseclab Personal Firewall version 3.0.0.8686; Look 'n' Stop Personal Firewall version 2.05p2; Symantec Sygate Personal Firewall version 5.6.2808. These are all very popular firewalls. Several host security products handle user-mode process information incorrectly, and attackers may use this flaw to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce security on a per-process basis must be able to identify processes attempting to perform privileged operations. A remote attacker can use the spoofed process to bypass the control of the security check, using (1) the image directory name, (2) the command line, and (3) the WINDOWS header text in the PEB, i.e. the ImagePathName, CommandLine and WindowTitle fields named above. (This last, translated sentence says "remote"; the CVE text at the start of this entry describes local users.)


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200612-0205",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "sygate personal firewall",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "symantec",
            "version": "5.6.2808"
          },
          {
            "model": "antivirus plus firewall",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "avg",
            "version": "7.5.431"
          },
          {
            "model": "antihook",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "infoprocess",
            "version": "3.0.23"
          },
          {
            "model": "personal firewall",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "filseclab",
            "version": "3.0.8686"
          },
          {
            "model": "personal firewall",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "comodo",
            "version": "2.3.6.81"
          },
          {
            "model": "look n stop",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "soft4ever",
            "version": "2.05p2"
          },
          {
            "model": "\u0027n\u0027 stop look \u0027n\u0027 stop 2.05p2",
            "scope": null,
            "trust": 0.3,
            "vendor": "look",
            "version": null
          },
          {
            "model": "anti-virus plus firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avg",
            "version": "7.5.431"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001769"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-392"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:infoprocess:antihook:3.0.23:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:soft4ever:look_n_stop:2.05p2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:avg:antivirus_plus_firewall:7.5.431:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:comodo:comodo_personal_firewall:2.3.6.81:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:filseclab:personal_firewall:3.0.8686:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:symantec:sygate_personal_firewall:5.6.2808:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6619"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Matousec http://www.matousec.com/",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-392"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-6619",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": true,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2006-6619",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-22727",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2006-6619",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200612-392",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-22727",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22727"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001769"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-392"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. (1) PEB Inside ImagePathName (2) PEB Inside CommandLine (3) PEB Inside WindowTitle field. Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to a process-spoofing vulnerability. \nAn attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim\u0027s computer. \nThe following software is vulnerable; other versions may also be affected:\nInfoProcess AntiHook version 3.0.0.23\nAVG Anti-Virus plus Firewall version 7.5.431\nComodo Personal Firewall version 2.3.6.81\nFilseclab Personal Firewall version 3.0.0.8686\nLook \u0027n\u0027 Stop Personal Firewall version 2.05p2\nSymantec Sygate Personal Firewall version 5.6.2808. are all very popular firewalls. There are loopholes in the processing of user-mode process information in multiple host security software, and attackers may use this loophole to bypass security restrictions. Personal firewalls, HIPS, and similar security software that enforce security on a per-process basis must be able to identify processes attempting to perform privileged operations. A remote attacker can use the spoofed process to bypass the control of the security check. Including (1) the image directory name, (2) the command line, and (3) the WINDOWS header text in the PEB",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6619"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001769"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "VULHUB",
            "id": "VHN-22727"
          }
        ],
        "trust": 1.98
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-22727",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22727"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-6619",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "21615",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001769",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-392",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20061215 BYPASSING PROCESS IDENTIFICATION OF SEVERAL PERSONAL FIREWALLS AND HIPS",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-82802",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "29287",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-22727",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22727"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001769"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-392"
          }
        ]
      },
      "id": "VAR-200612-0205",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22727"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:32:32.735000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.avg.co.jp/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001769"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-6619"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/21615"
          },
          {
            "trust": 1.7,
            "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
          },
          {
            "trust": 1.7,
            "url": "http://www.matousec.com/info/advisories/bypassing-process-identification-serveral-personal-firewalls-hips.php"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6619"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6619"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/454522/100/0/threaded"
          },
          {
            "trust": 0.3,
            "url": "http://www.infoprocess.com.au/antihook.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.grisoft.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.comodo.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.google.ca/url?sa=t\u0026ct=res\u0026cd=1\u0026url=http%3a%2f%2fwww.filseclab.com%2feng%2fproducts%2ffirewall.htm\u0026ei=d_6crfdcapuwnqptjcb_\u0026usg=__uqizxyyvwb4dlpaaogel8nftkja=\u0026sig2=riufvoqmxrfqyl4h1bsrzq"
          },
          {
            "trust": 0.3,
            "url": "http://www.symantec.com"
          },
          {
            "trust": 0.3,
            "url": "http://www.google.ca/url?sa=t\u0026ct=res\u0026cd=1\u0026url=http%3a%2f%2fwww.looknstop.com%2f\u0026ei=m_6crfl8n6cunqp5wef7\u0026usg=__ufqwvzzztduykujwzxq2euu_xna=\u0026sig2=1vrohasxv2wrxkwcut7fua"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/454522"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-22727"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001769"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-392"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-22727"
          },
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001769"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-6619"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-392"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-12-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-22727"
          },
          {
            "date": "2006-12-15T00:00:00",
            "db": "BID",
            "id": "21615"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-001769"
          },
          {
            "date": "2006-12-18T11:28:00",
            "db": "NVD",
            "id": "CVE-2006-6619"
          },
          {
            "date": "2006-12-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200612-392"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-22727"
          },
          {
            "date": "2006-12-15T21:18:00",
            "db": "BID",
            "id": "21615"
          },
          {
            "date": "2012-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-001769"
          },
          {
            "date": "2018-10-17T21:49:16.927000",
            "db": "NVD",
            "id": "CVE-2006-6619"
          },
          {
            "date": "2007-02-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200612-392"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "21615"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-392"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "AVG Anti-Virus plus Firewall Vulnerabilities that prevent process product control on process",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-001769"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access verification error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200612-392"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2006-6619 (GCVE-0-2006-6619)

    Vulnerability from nvd – Published: 2006-12-18 11:00 – Updated: 2024-08-07 20:33
    Summary
    AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2006-12-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:33:59.569Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
              },
              {
                "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
              },
              {
                "name": "21615",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21615"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
            },
            {
              "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
            },
            {
              "name": "21615",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21615"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6619",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
                },
                {
                  "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
                },
                {
                  "name": "21615",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21615"
                },
                {
                  "name": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6619",
        "datePublished": "2006-12-18T11:00:00.000Z",
        "dateReserved": "2006-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:33:59.569Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6620 (GCVE-0-2006-6620)

    Vulnerability from nvd – Published: 2006-12-18 11:00 – Updated: 2024-08-07 20:33
    VLAI
    Summary
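    Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
    Note: the PEB lives in the process's own user-mode address space and is writable by that process, so any value read from it is self-reported. A product that enforces per-process policy needs to take process identity from kernel-maintained information instead.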
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2006-12-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:33:59.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
              },
              {
                "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
              },
              {
                "name": "21615",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21615"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
            },
            {
              "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
            },
            {
              "name": "21615",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21615"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6620",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
                },
                {
                  "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
                },
                {
                  "name": "21615",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21615"
                },
                {
                  "name": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6620",
        "datePublished": "2006-12-18T11:00:00.000Z",
        "dateReserved": "2006-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:33:59.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6618 (GCVE-0-2006-6618)

    Vulnerability from nvd – Published: 2006-12-18 11:00 – Updated: 2024-08-07 20:33
    VLAI
    Summary
    AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2006-12-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:33:59.809Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
              },
              {
                "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
              },
              {
                "name": "21615",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21615"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
            },
            {
              "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
            },
            {
              "name": "21615",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21615"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6618",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
                },
                {
                  "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
                },
                {
                  "name": "21615",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21615"
                },
                {
                  "name": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6618",
        "datePublished": "2006-12-18T11:00:00.000Z",
        "dateReserved": "2006-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:33:59.809Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6622 (GCVE-0-2006-6622)

    Vulnerability from nvd – Published: 2006-12-18 11:00 – Updated: 2024-08-07 20:34
    VLAI
    Summary
    Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2006-12-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:34:00.121Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
              },
              {
                "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
              },
              {
                "name": "21615",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21615"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.wilderssecurity.com/showthread.php?t=158155"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Soft4Ever Look \u0027n\u0027 Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
            },
            {
              "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
            },
            {
              "name": "21615",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21615"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.wilderssecurity.com/showthread.php?t=158155"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6622",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Soft4Ever Look \u0027n\u0027 Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
                },
                {
                  "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
                },
                {
                  "name": "21615",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21615"
                },
                {
                  "name": "http://www.wilderssecurity.com/showthread.php?t=158155",
                  "refsource": "CONFIRM",
                  "url": "http://www.wilderssecurity.com/showthread.php?t=158155"
                },
                {
                  "name": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6622",
        "datePublished": "2006-12-18T11:00:00.000Z",
        "dateReserved": "2006-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:34:00.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6621 (GCVE-0-2006-6621)

    Vulnerability from nvd – Published: 2006-12-18 11:00 – Updated: 2024-08-07 20:33
    VLAI
    Summary
    Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2006-12-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:33:59.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
              },
              {
                "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
              },
              {
                "name": "21615",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21615"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
            },
            {
              "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
            },
            {
              "name": "21615",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21615"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6621",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
                },
                {
                  "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
                },
                {
                  "name": "21615",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21615"
                },
                {
                  "name": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6621",
        "datePublished": "2006-12-18T11:00:00.000Z",
        "dateReserved": "2006-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:33:59.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6623 (GCVE-0-2006-6623)

    Vulnerability from nvd – Published: 2006-12-18 11:00 – Updated: 2024-08-07 20:33
    VLAI
    Summary
    Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2006-12-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:33:59.983Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
              },
              {
                "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
              },
              {
                "name": "21615",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21615"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
            },
            {
              "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
            },
            {
              "name": "21615",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21615"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6623",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
                },
                {
                  "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
                },
                {
                  "name": "21615",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21615"
                },
                {
                  "name": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6623",
        "datePublished": "2006-12-18T11:00:00.000Z",
        "dateReserved": "2006-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:33:59.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6619 (GCVE-0-2006-6619)

    Vulnerability from cvelistv5 – Published: 2006-12-18 11:00 – Updated: 2024-08-07 20:33
    VLAI
    Summary
    AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2006-12-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:33:59.569Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
              },
              {
                "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
              },
              {
                "name": "21615",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21615"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
            },
            {
              "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
            },
            {
              "name": "21615",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21615"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6619",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
                },
                {
                  "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
                },
                {
                  "name": "21615",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21615"
                },
                {
                  "name": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6619",
        "datePublished": "2006-12-18T11:00:00.000Z",
        "dateReserved": "2006-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:33:59.569Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6620 (GCVE-0-2006-6620)

    Vulnerability from cvelistv5 – Published: 2006-12-18 11:00 – Updated: 2024-08-07 20:33
    VLAI
    Summary
    Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2006-12-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:33:59.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
              },
              {
                "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
              },
              {
                "name": "21615",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21615"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
            },
            {
              "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
            },
            {
              "name": "21615",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21615"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6620",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
                },
                {
                  "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
                },
                {
                  "name": "21615",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21615"
                },
                {
                  "name": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6620",
        "datePublished": "2006-12-18T11:00:00.000Z",
        "dateReserved": "2006-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:33:59.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6618 (GCVE-0-2006-6618)

    Vulnerability from cvelistv5 – Published: 2006-12-18 11:00 – Updated: 2024-08-07 20:33
    VLAI
    Summary
    AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2006-12-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:33:59.809Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
              },
              {
                "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
              },
              {
                "name": "21615",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21615"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
            },
            {
              "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
            },
            {
              "name": "21615",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21615"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6618",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
                },
                {
                  "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
                },
                {
                  "name": "21615",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21615"
                },
                {
                  "name": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6618",
        "datePublished": "2006-12-18T11:00:00.000Z",
        "dateReserved": "2006-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:33:59.809Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6622 (GCVE-0-2006-6622)

    Vulnerability from cvelistv5 – Published: 2006-12-18 11:00 – Updated: 2024-08-07 20:34
    VLAI
    Summary
    Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2006-12-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:34:00.121Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
              },
              {
                "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
              },
              {
                "name": "21615",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21615"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.wilderssecurity.com/showthread.php?t=158155"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Soft4Ever Look \u0027n\u0027 Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
            },
            {
              "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
            },
            {
              "name": "21615",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21615"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.wilderssecurity.com/showthread.php?t=158155"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6622",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Soft4Ever Look \u0027n\u0027 Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
                },
                {
                  "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
                },
                {
                  "name": "21615",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21615"
                },
                {
                  "name": "http://www.wilderssecurity.com/showthread.php?t=158155",
                  "refsource": "CONFIRM",
                  "url": "http://www.wilderssecurity.com/showthread.php?t=158155"
                },
                {
                  "name": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6622",
        "datePublished": "2006-12-18T11:00:00.000Z",
        "dateReserved": "2006-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:34:00.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6621 (GCVE-0-2006-6621)

    Vulnerability from cvelistv5 – Published: 2006-12-18 11:00 – Updated: 2024-08-07 20:33
    VLAI
    Summary
    Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2006-12-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:33:59.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
              },
              {
                "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
              },
              {
                "name": "21615",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21615"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
            },
            {
              "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
            },
            {
              "name": "21615",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21615"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6621",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
                },
                {
                  "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
                },
                {
                  "name": "21615",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21615"
                },
                {
                  "name": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6621",
        "datePublished": "2006-12-18T11:00:00.000Z",
        "dateReserved": "2006-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:33:59.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6623 (GCVE-0-2006-6623)

    Vulnerability from cvelistv5 – Published: 2006-12-18 11:00 – Updated: 2024-08-07 20:33
    VLAI
    Summary
    Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2006-12-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:33:59.983Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
              },
              {
                "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
              },
              {
                "name": "21615",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21615"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
            },
            {
              "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
            },
            {
              "name": "21615",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21615"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6623",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product\u0027s controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php"
                },
                {
                  "name": "20061215 Bypassing process identification of several personal firewalls and HIPS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/454522/100/0/threaded"
                },
                {
                  "name": "21615",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21615"
                },
                {
                  "name": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6623",
        "datePublished": "2006-12-18T11:00:00.000Z",
        "dateReserved": "2006-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:33:59.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }