Severity: CA has given these vulnerabilities a Medium risk rating.
Affected Products:
CA Host-Based Intrusion Prevention System r8
CA Internet Security Suite 2007 (v3.2) with CA Personal Firewall
2007 (v9.1) Engine version 1.2.260 and below
CA Internet Security Suite 2008 (v4.0) with CA Personal Firewall
2008 (v10.0) Engine version 1.2.260 and below
CA Personal Firewall 2007 (v9.1) with Engine version 1.2.260 and
below
services for sharing directories or files and printers, can be protected
by configuring a Cisco Security Agent rule that blocks all traffic to
TCP ports 139 and 445 (the SMB ports).
Such a rule exists in versions of Cisco Security Agent that include
the Network Personal Firewall policy. The specific rule can be found
by searching rules for one that has the description "All applications,
server for SMB services (offering network shares)" or by opening the
Personal Firewall Module rule module (attached to the Network Personal
Firewall policy) and editing the rule that has this description. This
rule is enabled by default but the default action must be changed from
* BlackICE PC Protection 3.6.cqn
* G DATA InternetSecurity 2007
* Ghost Security Suite beta 1.110 and alpha 1.200
* Kaspersky Internet Security 7.0.0.125
* Norton Internet Security 2008 15.0.0.60
* Online Armor Personal Firewall 2.0.1.215
* Outpost Firewall Pro 4.0.1025.7828
* Privatefirewall 5.0.14.2
* Process Monitor 1.22
* ProcessGuard 3.410
* ProSecurity 1.40 Beta 2
#!/usr/bin/perl
#[+] Bug : EesySec Personal Firewall Remote Buffer Overflow Exploit
#[+] program Download : http://www.effectmatrix.com/easysec/
#[+] Author : the_Edit0r
#[+] Contact me : the_3dit0r[at]Yahoo[dot]coM
#[+] Greetz to all my friends
#[+] Tested on: Windows XP Pro SP3
#[+] web site: Expl0iters.ir * Anti-security.ir
#[+] Big thnx: H4ckcity Member
use IO::Socket;
* Avira Premium Security Suite 10.0.0.536
* BitDefender Total Security 2010 13.0.20.347
* Blink Professional 4.6.1
* CA Internet Security Suite Plus 2010 6.0.0.272
* Comodo Internet Security Free 4.0.138377.779
* DefenseWall Personal Firewall 3.00
* Dr.Web Security Space Pro 6.0.0.03100
* ESET Smart Security 4.2.35.3
* F-Secure Internet Security 2010 10.00 build 246
* G DATA TotalCare 2010
* Kaspersky Internet Security 2010 9.0.0.736
Jun 04, 2008
I. BACKGROUND
aspersky Internet Security Suite is a combination of Kaspersky
anti-virus, anti-spam, and personal firewall in one product. For more
information see the vendor's website at the following URL.
http://www.kaspersky.com/
II. DESCRIPTION
Jun 04, 2008
I. BACKGROUND
aspersky Internet Security Suite is a combination of Kaspersky
anti-virus, anti-spam, and personal firewall in one product. For more
information see the vendor's website at the following URL.
http://www.kaspersky.com/
II. DESCRIPTION
Affected Products
Norton AntiSpam 2005
Norton AntiVirus 2005, 2006
Norton Internet Security 2005
Norton Personal Firewall 2005, 2006
Norton System Works 2005, 2006
Symantec AntiVirus Corporate Edition 10.0
Symantec AntiVirus Corporate Edition 10.1, prior to SAV 10.1 MR6 MP1
Symantec AntiVirus Corporate Edition 9, prior to SAV 9 MR6 MP1
Symantec Client Security 3.1, prior to SCS 3.1 MR6 MP1
VULNERABLE PRODUCTS
Rising Antivirus 2009 (21.62.04)
Rising Internet Security 2009 (21.62.04)
Rising Personal Firewall 2009 (21.62.04)
Prior versions may also be affected.
DETAILS
Rising installs the own program files with insecure permissions (Users: Full Control). Local attacker (unprivileged user) can replace some files (for example, executable files of Rising services) by malicious file and execute arbitrary code with SYSTEM privileges. This is local privilege escalation vulnerability.
When flooding the local network with random router advertisements,
hosts and routers update the network information, consuming all
available CPU resources, making the systems unusable and unresponsive.
As IPv6 and autoconfiguration are enabled by default, all are
affected in their default configuration.
For Windows, a personal firewall or similar security product does not
protect against this attack.
Note: Microsoft does not want to fix this security issue for their
products.
