CyberSec.Space Logo
CVEブラウザに戻る

CVE-2006-7160

MEDIUM
4.9
CVSS Severity Score
EPSS Score0.0220%
EPSS Percentile37.96th
Published2007年3月7日
Last Modified2026年4月23日

Vulnerability Description

The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions.

Affected Platforms (CPE)

📦
Agnitum

Outpost Firewall

<= 4.0

References & Advisories

🔗 http://secunia.com/advisories/22913
🔗 http://securityreason.com/securityalert/2376
🔗 http://www.matousec.com/info/advisories/Outpost-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php
🔗 http://www.securityfocus.com/archive/1/451672/100/0/threaded
🔗 http://www.securityfocus.com/bid/21097
🔗 http://www.vupen.com/english/advisories/2006/4537
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/30312
🔗 http://secunia.com/advisories/22913

関連する脆弱性情報

CVE-2004-25547.2

Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYST...

CVE-2007-03337.2

Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product...

CVE-2006-36977.2

Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell Bord...

CVE-2004-24725.0

Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a denial of service (CPU consumption) via a flood of small, inva...

CVE-2006-7160 Detail & Impact Analysis | CVSS 4.9 (MEDIUM) | Cyber-Sec.Space | Cyber-Sec.Space