CVE-2007-4967

Name of the Vulnerable Software and Affected Versions Online Armor Personal Firewall version 2.0.1.215

Description The issue arises from improper validation of certain parameters to System Service Descriptor Table (SSDT) function handlers, allowing local users to cause a denial of service (crash) and possibly gain privileges. This is achieved through unspecified kernel SSDT hooks for various Windows Native API functions, including NtAllocateVirtualMemory, NtConnectPort, NtCreateFile, NtCreateKey, NtCreatePort, NtDeleteFile, NtDeleteValueKey, NtLoadKey, NtOpenFile, NtOpenProcess, NtOpenThread, NtResumeThread, NtSetContextThread, NtSetValueKey, NtSuspendProcess, NtSuspendThread, and NtTerminateThread.

Recommendations To resolve the issue, update to a version of Online Armor Personal Firewall that properly validates parameters to SSDT function handlers. As a temporary workaround, consider restricting access to the Windows Native API functions until a patch is available.