CVE-2007-4970

Name of the Vulnerable Software and Affected Versions ProcessGuard version 3.410

Description The issue arises from improper validation of certain parameters to System Service Descriptor Table (SSDT) function handlers, allowing local users to cause a denial of service (crash) and possibly gain privileges. This is achieved through kernel SSDT hooks for various Windows Native API functions, including NtCreateFile, NtCreateKey, NtDeleteValueKey, NtOpenFile, NtOpenKey, and NtSetValueKey.

Recommendations For ProcessGuard version 3.410, consider updating to a newer version that properly validates parameters to SSDT function handlers to prevent potential denial of service and privilege escalation. As a temporary workaround, restrict access to the Windows Native API functions to minimize the risk of exploitation.