CVE-2010-5164

Published: Aug 25, 2012Modified: Apr 29, 2026

5.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability: 1.8 / Impact: 3.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Affected (1)

Products: Kingsoft: Personal Firewall 9

1 product

Personal Firewall 9

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kingsoft Personal Firewall 9	Version 2009.05.07.70

Running on/with	Platform Versions
Microsoft Windows Xp	All versions

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (18)

http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html

Source: cve@mitre.org

http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html

Source: cve@mitre.org

http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/

Source: cve@mitre.org

http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php

Source: cve@mitre.org

http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

Source: cve@mitre.org

http://www.f-secure.com/weblog/archives/00001949.html

Source: cve@mitre.org

http://www.osvdb.org/67660

Source: cve@mitre.org

http://www.securityfocus.com/bid/39924

Source: cve@mitre.org

http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/

Source: af854a3a-2127-422b-91ae-364da2661108

http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.f-secure.com/weblog/archives/00001949.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/67660

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/39924

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.