Published: 18/12/2006 Updated: 17/10/2018

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.

Vulnerable Product	Search on Vulmon	Subscribe to Product
infoprocess antihook 3.0.23
soft4ever look n stop 2.05p2
avg antivirus plus firewall 7.5.431
comodo comodo personal firewall 2.3.6.81
filseclab personal firewall 3.0.8686
symantec sygate personal firewall 5.6.2808

source: wwwsecurityfocuscom/bid/21615/info Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to a process-spoofing vulnerability An attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim's computer The ...

NVD-CWE-Other http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php http://www.securityfocus.com/bid/21615 http://www.securityfocus.com/archive/1/454522/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/29287/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-6619

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect