Vulnerability Description
Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Comodo | Comodo Firewall Pro | 2.4.18.184 |
| Comodo | Comodo Personal Firewall | 2.3.6.81 |
References
- http://osvdb.org/37375
- http://securityreason.com/securityalert/2714
- http://www.matousec.com/info/advisories/Bypassing-PWF-HIPS-open-process-control-Vendor Advisory
- http://www.securityfocus.com/archive/1/468643/100/0/threaded
- http://osvdb.org/37375
- http://securityreason.com/securityalert/2714
- http://www.matousec.com/info/advisories/Bypassing-PWF-HIPS-open-process-control-Vendor Advisory
- http://www.securityfocus.com/archive/1/468643/100/0/threaded
FAQ
What is CVE-2007-2729?
CVE-2007-2729 is a vulnerability with a CVSS score of 7.2 (HIGH). Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Win...
How severe is CVE-2007-2729?
CVE-2007-2729 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2729?
Check the references section above for vendor advisories and patch information. Affected products include: Comodo Comodo Firewall Pro, Comodo Comodo Personal Firewall.