CVE-2009-2450

The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online Armor Personal Firewall AV+ before 3.5.0.12, and Personal Firewall 3.5 before 3.5.0.14, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\OAmon containing arbitrary kernel addresses, as demonstrated using the 0x830020C3 IOCTL.

Published: Jul 13, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-2450
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
tallemu / personal_firewall	3.5.0.5	3.5.0.5.x
tallemu / personal_firewall	3.5.0.9	3.5.0.9.x
tallemu / personal_firewall	3.5.0.1	3.5.0.1.x
tallemu / online_armor_personal_firewall_av+	-	3.5.0.11.x
tallemu / personal_firewall	3.5.0.11	3.5.0.11.x
tallemu / online_armor_personal_firewall_av+	3.5.0.6	3.5.0.6.x
tallemu / personal_firewall	3.5.0.3	3.5.0.3.x
tallemu / personal_firewall	3.5.0.4	3.5.0.4.x
tallemu / online_armor_personal_firewall_av+	3.5.0.9	3.5.0.9.x
tallemu / personal_firewall	3.5.0.10	3.5.0.10.x
tallemu / personal_firewall	3.5.0.6	3.5.0.6.x
tallemu / personal_firewall	3.5.0.12	3.5.0.12.x
tallemu / personal_firewall	3.5.0.7	3.5.0.7.x
tallemu / personal_firewall	3.5.0.8	3.5.0.8.x
tallemu / personal_firewall	-	3.5.0.13.x
tallemu / personal_firewall	3.5.0.2	3.5.0.2.x

Vulnerability Database

289,871

CVE-2009-2450