| VID |
23133 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
Prevx Pro 2005 version 1.0.0.1 or earlier is detected as installed on the host. Prevx Pro 2005 is a freely available intrusion prevention system for Microsoft Windows platforms. Prevx Pro 2005 1.0.0.1 and earlier versions could allow a local attacker to bypass security restrictions as follows:
1) Incorrect handling of memory-mapped files allows protected files that are mapped into memory using "MapViewOfFile()" to be written. This can be exploited to bypass the product's file protection security feature.
2) The driver does not validate the sender of device I/O control codes received through NtDeviceControlFile. This allows a user-space program to bypass the product's security features by sending specific I/O control codes to the driver.
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, which results in a false negative for all vulnerable hosts.
* References:
  http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0001.html
  http://secunia.com/advisories/15885/
* Platforms Affected: Prevx Pro 2005 1.0.0.1 and earlier versions; Microsoft Windows (any version) |
| Recommendation |
No upgrade or patch available as of July 2005.
Upgrade to the latest version of Prevx Pro when a fixed version becomes available from the Prevx download website at http://www.prevx.com/prevxprolanding.asp |
| Related URL |
CVE-2005-2144,CVE-2005-2145 (CVE) |
| Related URL |
14123 (SecurityFocus) |
| Related URL |
21222,21224 (ISS) |
|