PT-2007-1804 · Agnitum · Agnitum Outpost Firewall Pro

Published

2007-01-18

Updated

2018-10-16

CVE-2007-0333

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Agnitum Outpost Firewall PRO version 4.0

Description: The issue allows local users to bypass access restrictions. This is achieved by creating links using FileLinkInformation requests with the ZwSetInformationFile function. It has been demonstrated that this can be used to insert Trojan horse drivers into the product's installation directory, such as modifying SandBox.sys.

Recommendations: For Agnitum Outpost Firewall PRO version 4.0, consider restricting access to the installation directory to prevent unauthorized modifications until a fix is available. As a temporary workaround, avoid using the ZwSetInformationFile function for creating links with FileLinkInformation requests.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0333

Affected Products

Agnitum Outpost Firewall Pro

PT-2007-1804 · Agnitum · Agnitum Outpost Firewall Pro

CVE-2007-0333

Related Identifiers

Affected Products

References · 8