CyberSec.Space Logo
Back to CVE Browser

CVE-2006-7160

MEDIUM
4.9
CVSS Severity Score
EPSS Score0.0220%
EPSS Percentile37.96th
PublishedMar 7, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions.

Affected Platforms (CPE)

πŸ“¦
Agnitum

Outpost Firewall

<= 4.0

References & Advisories

πŸ”— http://secunia.com/advisories/22913
πŸ”— http://securityreason.com/securityalert/2376
πŸ”— http://www.matousec.com/info/advisories/Outpost-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php
πŸ”— http://www.securityfocus.com/archive/1/451672/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/21097
πŸ”— http://www.vupen.com/english/advisories/2006/4537
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/30312
πŸ”— http://secunia.com/advisories/22913

Related Vulnerabilities

CVE-2004-25547.2

Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYST...

CVE-2007-03337.2

Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product...

CVE-2006-36977.2

Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell Bord...

CVE-2004-24725.0

Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a denial of service (CPU consumption) via a flood of small, inva...