Outpost Firewall Pro Hooked Functions Denial of Service
Secunia Advisory: SA22913 Release Date: 2006-11-16
Software: Outpost Firewall Pro 4.x
Critical: Not critical
Where: Local system
Solution Status: Unpatched
Matousec has discovered a vulnerability in Outpost Firewall Pro, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within Sandbox.sys when handling the parameters of certain hooked functions. This can be exploited to cause a DoS by calling NtAssignProcessToJobObject, NtCreateKey, NtCreateThread, NtDeleteFile, NtLoadDriver, NtOpenProcess, NtProtectVirtualMemory, NtReplaceKey, NtTerminateProcess, NtTerminateThread, NtUnloadDriver, and NtWriteVirtualMemory with specially crafted parameters.
The vulnerability is confirmed in version 4.0.971.7030 (584). Other versions may also be affected.
Solution: Restrict access to trusted users only.
Original Advisory: Matousec Transparent Security: http://www.matousec.com/info/advisor...-functions.php