CVE-2004-0766

Name of the Vulnerable Software and Affected Versions NGSEC StackDefender version 2.0

Description The issue allows attackers to cause a denial of service, resulting in a system crash. This can be achieved by providing an invalid address for the BaseAddress parameter to the hooks for the (1) ZwAllocateVirtualMemory or (2) ZwProtectVirtualMemory functions.

Recommendations For NGSEC StackDefender version 2.0, as a temporary workaround, consider restricting access to the ZwAllocateVirtualMemory and ZwProtectVirtualMemory functions until a patch is available. Avoid using invalid addresses for the BaseAddress parameter in these functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.