Race Condition Vulnerability in KingSoft Personal Firewall by Kingsoft
CVE-2010-5164

Currently unrated

Key Information:

Vendor: Kingsoft
Status: Personal Firewall 9
Vendor: CVE Published:; 25 August 2012

What is CVE-2010-5164?

A race condition exists in KingSoft Personal Firewall, where local users can exploit the vulnerability to bypass kernel-mode hook handlers. This flaw enables the execution of unauthorized code that would typically be intercepted by security mechanisms. By altering user-space memory during the hook-handler process, attackers can perform an argument-switch attack, also known as a KHOBE attack. This vulnerability primarily impacts the efficacy of the security software, allowing crafted programs that have begun execution to evade detection by signature-based malware defenses.

References

http://archives.neohapsis.com/archives/bugtraq/2010-05/00...

mailing-listx_refsource_BUGTRAQ

http://countermeasures.trendmicro.eu/you-just-cant-trust-...

x_refsource_MISC

http://www.securityfocus.com/bid/39924

vdb-entryx_refsource_BID

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 25, 2012