Hi,

Also known as a TOCTOU binding flaw (thanks GDM).
http://nob.cs.ucdavis.edu/bishop/papers/1996-compsys/racecond.pdf (dated 1996).

Jeff

On Wed, May 5, 2010 at 3:14 AM, www.matousec.com - Research <[email protected]> wrote:
> Hello,
>
> We have found a number of vulnerabilities in implementations of kernel hooks in
> many different security products.
>
>
> Vulnerable software:
>
> * 3D EQSecure Professional Edition 4.2
> * avast! Internet Security 5.0.462
> * AVG Internet Security 9.0.791
> * Avira Premium Security Suite 10.0.0.536
> * BitDefender Total Security 2010 13.0.20.347
> * Blink Professional 4.6.1
> * CA Internet Security Suite Plus 2010 6.0.0.272
> * Comodo Internet Security Free 4.0.138377.779
> * DefenseWall Personal Firewall 3.00
> * Dr.Web Security Space Pro 6.0.0.03100
> * ESET Smart Security 4.2.35.3
> * F-Secure Internet Security 2010 10.00 build 246
> * G DATA TotalCare 2010
> * Kaspersky Internet Security 2010 9.0.0.736
> * KingSoft Personal Firewall 9 Plus 2009.05.07.70
> * Malware Defender 2.6.0
> * McAfee Total Protection 2010 10.0.580
> * Norman Security Suite PRO 8.0
> * Norton Internet Security 2010 17.5.0.127
> * Online Armor Premium 4.0.0.35
> * Online Solutions Security Suite 1.5.14905.0
> * Outpost Security Suite Pro 6.7.3.3063.452.0726
> * Outpost Security Suite Pro 7.0.3330.505.1221 BETA VERSION
> * Panda Internet Security 2010 15.01.00
> * PC Tools Firewall Plus 6.0.0.88
> * PrivateFirewall 7.0.20.37
> * Security Shield 2010 13.0.16.313
> * Sophos Endpoint Security and Control 9.0.5
> * Trend Micro Internet Security Pro 2010 17.50.1647.0000
> * Vba32 Personal 3.12.12.4
> * VIPRE Antivirus Premium 4.0.3272
> * VirusBuster Internet Security Suite 3.2
> * Webroot Internet Security Essentials 6.1.0.145
> * ZoneAlarm Extreme Security 9.1.507.000
> * probably other versions of above mentioned software
> * possibly many other software products that use kernel hooks to implement
> security features
>
>
> More details are available here:
>
> Advisory:
> http://www.matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php
> Article:
> http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php
>
> Kind Regards,
>
> --
> www.matousec.com Research
> Different Internet Experience Ltd.
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
