CVE-2010-5168

Name of the Vulnerable Software and Affected Versions Symantec Norton Internet Security 2010 version 17.5.0.127

Description A race condition issue allows local users to bypass kernel-mode hook handlers and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection. This is achieved via certain user-space memory changes during hook-handler execution. The issue is disputed by some third parties as it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.

Recommendations For Symantec Norton Internet Security 2010 version 17.5.0.127, consider applying a patch or fix to address the race condition issue, if available, to prevent local users from bypassing kernel-mode hook handlers. As a temporary workaround, consider restricting user-space memory changes during hook-handler execution to minimize the risk of exploitation.