Race Condition Vulnerability in Sophos Endpoint Security on Windows XP
CVE-2010-5177
Currently unrated
Key Information:
- Vendor: Sophos
- CVE Published: 25 August 2012
Summary
A race condition in Sophos Endpoint Security and Control 9.0.5 on Windows XP allows local users to exploit kernel-mode hook handlers. By making specific user-space memory alterations, a local user can execute harmful code that the security mechanisms would typically prevent. The technique is often referred to as an argument-switch attack or KHOBE attack. The flaw presents significant risks, as the bypass occurs when a crafted program has already commenced execution. While the vendor disputes the severity of this issue, it highlights a critical flaw in the protective measures designed to ensure system integrity.
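The check-then-use pattern behind an argument-switch race, shown as an added example that is not Sophos code and not part of the original entry. It is a deterministic user-mode simulation comparing a handler that reads its argument twice with one that captures it once; `fetch_user`, `policy_allows`, both hook functions and the file names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a user-space argument that a second thread rewrites
   between kernel reads: the first fetch sees script[0], later ones script[1]. */
struct user_arg { const char *script[2]; int reads; };

static const char *fetch_user(struct user_arg *u) {
    return u->script[u->reads++ > 0];
}

/* Hypothetical policy: one file name is blocked. */
static int policy_allows(const char *path) {
    return strcmp(path, "blocked.sys") != 0;
}

/* Check-then-use with two reads: the checked value and the used value can differ. */
static int hook_double_fetch(struct user_arg *u, char *acted, size_t n) {
    if (!policy_allows(fetch_user(u))) return -1;   /* time of check */
    snprintf(acted, n, "%s", fetch_user(u));        /* time of use: re-read */
    return 0;
}

/* Capture once into handler-owned memory, then check and use only the copy. */
static int hook_capture_once(struct user_arg *u, char *acted, size_t n) {
    char captured[64];
    snprintf(captured, sizeof captured, "%s", fetch_user(u));
    if (!policy_allows(captured)) return -1;
    snprintf(acted, n, "%s", captured);
    return 0;
}

/* Runs one handler against an argument that changes from `first` to `second`. */
int run_case(int hardened, const char *first, const char *second, char *acted, size_t n) {
    struct user_arg u = { { first, second }, 0 };
    return hardened ? hook_capture_once(&u, acted, n) : hook_double_fetch(&u, acted, n);
}

int main(void) {
    char a[64] = "", b[64] = "";
    run_case(0, "benign.txt", "blocked.sys", a, sizeof a);
    run_case(1, "benign.txt", "blocked.sys", b, sizeof b);
    printf("double fetch acted on: %s\ncapture once acted on: %s\n", a, b);
    return 0;
}
```

In a real hook the captured copy, not the original user pointer, must also be what the underlying routine operates on; otherwise the second read simply moves downstream.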
Timeline
Vulnerability Reserved
Vulnerability published