PT-2008-3277 · Comodo · Comodo Firewall Pro
Andres Blanco +5 · Published 2008-04-29 · Updated 2018-10-11 · CVE-2008-1736
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Comodo Firewall Pro versions prior to 3.0
Description
The issue arises from improper validation of certain parameters to hooked System Service Descriptor Table (SSDT) functions. This can be exploited by local users to cause a denial of service, resulting in a system crash. The exploitation vectors include a crafted OBJECT_ATTRIBUTES structure in a call to the NtDeleteFile function, leading to improper validation of a ZwQueryObject result, as well as unspecified calls to the NtCreateFile and NtSetThreadContext functions.
Recommendations
For Comodo Firewall Pro versions prior to 3.0, update to version 3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the NtDeleteFile, NtCreateFile, and NtSetThreadContext functions to minimize the risk of exploitation. Additionally, avoid using crafted OBJECT_ATTRIBUTES structures in calls to the NtDeleteFile function until the issue is resolved.
Fix
Related Identifiers
Affected Products
Comodo Firewall Pro