CVE-2007-0709 — Firewall PRO vulnerability

6 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.0%

top 85.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Comodo Firewall PRO

Timeline

PublishedFeb 4

Latest updateMay 1

Description

cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.16.174 and earlier does not validate arguments that originate in user mode for the (1) NtCreateSection, (2) NtOpenProcess, (3) NtOpenSection, (4) NtOpenThread, and (5) NtSetValueKey hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDcomodo/comodo_firewall_pro2.4.16.174

🔴Vulnerability Details

GHSA

GHSA-p5gm-c4xq-m266: cmdmon↗2022-05-01

▶

CVEList

CVE-2007-0709: cmdmon↗2007-02-04

▶

💬Community

Bugzilla

CVE-2007-3392 Wireshark crashes when inspecting MMS traffic↗2007-06-29

▶

Bugzilla

CVE-2007-3392 Wireshark loops infinitely when inspecting SSL traffic↗2007-06-26

▶

Bugzilla

CVE-2007-3389 Wireshark crashes when inspecting HTTP traffic↗2007-06-26

▶