CVE-2004-0767

Name of the Vulnerable Software and Affected Versions NGSEC StackDefender version 1.10

Description The issue allows attackers to cause a denial of service, resulting in a system crash. This can be achieved by providing an invalid address for the ObjectAttribues parameter to the hooks for the (1) ZwCreateFile or (2) ZwOpenFile functions.

Recommendations For NGSEC StackDefender version 1.10, consider restricting access to the ZwCreateFile and ZwOpenFile functions until a patch is available. As a temporary workaround, avoid using invalid addresses for the ObjectAttribues parameter in these functions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.