Advisory 2010-05-05.01
KHOBE – 8.0 earthquake for Windows desktop security software advisory
Basic information:
Release date: May 05, 2010
Last update: May 14, 2010
Severity: Critical
Character: Complete system control, privilege escalation
Status: N/A
Proof of concept: Not publicly disclosed
Description:
Available in the KHOBE – 8.0 earthquake for Windows desktop security software article.
Vulnerable software:
- 3D EQSecure Professional Edition 4.2
- avast! Internet Security 5.0.462
- AVG Internet Security 9.0.791
- Avira Premium Security Suite 10.0.0.536
- BitDefender Total Security 2010 13.0.20.347
- Blink Professional 4.6.1
- CA Internet Security Suite Plus 2010 6.0.0.272
- Comodo Internet Security Free 4.0.138377.779
- DefenseWall Personal Firewall 3.00
- Dr.Web Security Space Pro 6.0.0.03100
- ESET Smart Security 4.2.35.3
- F-Secure Internet Security 2010 10.00 build 246
- G DATA TotalCare 2010
- Kaspersky Internet Security 2010 9.0.0.736
- KingSoft Personal Firewall 9 Plus 2009.05.07.70
- Malware Defender 2.6.0
- McAfee Total Protection 2010 10.0.580
- Norman Security Suite PRO 8.0
- Norton Internet Security 2010 17.5.0.127
- Online Armor Premium 4.0.0.35
- Online Solutions Security Suite 1.5.14905.0
- Outpost Security Suite Pro 6.7.3.3063.452.0726
- Outpost Security Suite Pro 7.0.3330.505.1221 BETA VERSION
- Panda Internet Security 2010 15.01.00
- PC Tools Firewall Plus 6.0.0.88
- Prevx 3.0.5.143
- PrivateFirewall 7.0.20.37
- Security Shield 2010 13.0.16.313
- Sophos Endpoint Security and Control 9.0.5
- ThreatFire 4.7.0.17
- Trend Micro Internet Security Pro 2010 17.50.1647.0000
- Vba32 Personal 3.12.12.4
- VIPRE Antivirus Premium 4.0.3272
- VirusBuster Internet Security Suite 3.2
- Webroot Internet Security Essentials 6.1.0.145
- ZoneAlarm Extreme Security 9.1.507.000
- probably other versions of the above-mentioned software
- possibly many other software products that use kernel hooks to implement security features
Not vulnerable software:
- All software products that do not use SSDT hooks, other kinds of kernel mode hooks on a similar level, or user mode hooks to implement security features
Events:
- 2010-05-05: Advisory released
- 2008-10-28–2010-04-20: Vendor notifications; some vendors confirmed the vulnerability
References:
- SecurityFocus Vulnerabilities BID 39924
- Computer Security Vulnerabilities
- Time-of-check-to-time-of-use bugs on Wikipedia
- Checking for Race Conditions in File Accesses by Matt Bishop and Michael Dilger
- TOCTOU with NT System Service Hooking by Andrey Kolishak
- From Ring Zero to UID Zero by twiz and sgrakkyu