CVE-2010-5160

Name of the Vulnerable Software and Affected Versions ESET Smart Security version 4.2.35.3

Description A race condition in ESET Smart Security on Windows XP allows local users to bypass kernel-mode hook handlers and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection. This is achieved via certain user-space memory changes during hook-handler execution, also known as an argument-switch attack or a KHOBE attack. It is noted that this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.

Recommendations For ESET Smart Security version 4.2.35.3, consider applying a patch or update to fix the race condition issue, if available. As a temporary workaround, consider restricting user-space memory changes during hook-handler execution to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.