CVE-2006-6623

Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.

Published: Dec 18, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-6623
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
soft4ever / look_n_stop	2.05p2	2.05p2.x
avg / antivirus_plus_firewall	7.5.431	7.5.431.x
comodo / comodo_personal_firewall	2.3.6.81	2.3.6.81.x
infoprocess / antihook	3.0.23	3.0.23.x
symantec / sygate_personal_firewall	5.6.2808	5.6.2808.x
filseclab / personal_firewall	3.0.8686	3.0.8686.x

http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip
http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php
http://www.securityfocus.com/archive/1/454522/100/0/threaded
http://www.securityfocus.com/bid/21615

Vulnerability Database

289,871

CVE-2006-6623