CVE-2010-5156

Name of the Vulnerable Software and Affected Versions CA Internet Security Suite Plus 2010 version 6.0.0.272

Description A race condition allows local users to bypass kernel-mode hook handlers and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection. This is achieved via certain user-space memory changes during hook-handler execution, also known as an argument-switch attack or a KHOBE attack. Note that this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.

Recommendations For CA Internet Security Suite Plus 2010 version 6.0.0.272, consider disabling the kernel-mode hook handlers as a temporary workaround until a patch is available. Restrict access to user-space memory to minimize the risk of exploitation. Avoid using the affected protection mechanism in situations where a crafted program has already begun to execute.