CVE-2010-5177

Name of the Vulnerable Software and Affected Versions Sophos Endpoint Security and Control version 9.0.5

Description A race condition exists that allows local users to bypass kernel-mode hook handlers and execute dangerous code. This is achieved through certain user-space memory changes during hook-handler execution. The issue can be exploited via an argument-switch attack or a KHOBE attack, potentially allowing the execution of code that would otherwise be blocked by a handler but not by signature-based malware detection.

Recommendations For Sophos Endpoint Security and Control version 9.0.5, consider applying additional security measures to protect against potential exploits, as the vendor disputes this issue due to it being a flaw in a protection mechanism for situations where a crafted program has already begun to execute. At the moment, there is no information about a newer version that contains a fix for this vulnerability.