The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-03-07T20:00:00
Updated: 2018-10-16T14:57:01
Reserved: 2007-03-07T00:00:00
Link: CVE-2006-7160
JSON object: View
NVD Information
Status : Modified
Published: 2007-03-07T20:19:00.000
Modified: 2018-10-16T16:29:38.287
Link: CVE-2006-7160
JSON object: View
Redhat Information
No data.
CWE