matousec.com (site map)

Poll

On Windows 7 (or Vista) I use

  unlimited administrator's account (57.94%)

  limited administrator's account (16.4%)

  common user's account (13.64%)

  nothing (I do not use Win 7/Vista) (14.26%)

more

results

Advisory 2006-07-15.01

Kerio Terminating 'kpf4ss.exe' using internal runtime error Vulnerability

Basic information:


Release date: July 15, 2006

Last update: March 12, 2007

Severity:Critical

Character:Complete system control

Status:Fixed

Testing program: BTP00003P001SK.zip

Description:

Kerio uses strange ring3 hooks that communicates the Kerio driver using an interupt. Windows API CreateRemoteThread is hooked by Kerio in user mode in every process. Calling this API can cause a crash of the Kerio service 'kpf4ss.exe'. The cause of this behaviour is unknown. The crash of the Kerio service equals to disabling the protection. The tray icon of Kerio is not functional any more after exploiting the bug, any aplication can perform arbitrary protected action including Internet access and process creation.

Vulnerable software:

Not vulnerable software:

Events:

References: