Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: KHOBE - 8.0 earthquake for Windows desktop security software
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 6 May 2010 20:18:57 -0400

Hi ,

Also known as a TOCTOU binding flaw (thanks GDM).

http://nob.cs.ucdavis.edu/bishop/papers/1996-compsys/racecond.pdf (dated 1996).

Jeff

On Wed, May 5, 2010 at 3:14 AM, www.matousec.com - Research
<research () matousec com> wrote:
Hello,

We have found number of vulnerabilities in implementations of kernel hooks in many different security products.


Vulnerable software:

   * 3D EQSecure Professional Edition 4.2
   * avast! Internet Security 5.0.462
   * AVG Internet Security 9.0.791
   * Avira Premium Security Suite 10.0.0.536
   * BitDefender Total Security 2010 13.0.20.347
   * Blink Professional 4.6.1
   * CA Internet Security Suite Plus 2010 6.0.0.272
   * Comodo Internet Security Free 4.0.138377.779
   * DefenseWall Personal Firewall 3.00
   * Dr.Web Security Space Pro 6.0.0.03100
   * ESET Smart Security 4.2.35.3
   * F-Secure Internet Security 2010 10.00 build 246
   * G DATA TotalCare 2010
   * Kaspersky Internet Security 2010 9.0.0.736
   * KingSoft Personal Firewall 9 Plus 2009.05.07.70
   * Malware Defender 2.6.0
   * McAfee Total Protection 2010 10.0.580
   * Norman Security Suite PRO 8.0
   * Norton Internet Security 2010 17.5.0.127
   * Online Armor Premium 4.0.0.35
   * Online Solutions Security Suite 1.5.14905.0
   * Outpost Security Suite Pro 6.7.3.3063.452.0726
   * Outpost Security Suite Pro 7.0.3330.505.1221 BETA VERSION
   * Panda Internet Security 2010 15.01.00
   * PC Tools Firewall Plus 6.0.0.88
   * PrivateFirewall 7.0.20.37
   * Security Shield 2010 13.0.16.313
   * Sophos Endpoint Security and Control 9.0.5
   * Trend Micro Internet Security Pro 2010 17.50.1647.0000
   * Vba32 Personal 3.12.12.4
   * VIPRE Antivirus Premium 4.0.3272
   * VirusBuster Internet Security Suite 3.2
   * Webroot Internet Security Essentials 6.1.0.145
   * ZoneAlarm Extreme Security 9.1.507.000
   * probably other versions of above mentioned software
   * possibly many other software products that use kernel hooks to implement security features


More details is available here:

Advisory: http://www.matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php
Article: http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

Kind Regards,

--
www.matousec.com Research
Different Internet Experience Ltd.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault