Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
Ask the Team  Mailing Lists  Advertising Info  Advisories  About SecuriTeam  Blogs Brought to you by: Suppliers of: Website Testing Tools Network Testing Tools Software Testing Tools SecuriTeam in Your Inbox New vulnerability? New tool? Tell us (Our PGP key). CanSecWest 2012 2nd Annual Cyber Security Hack In Paris	Prevx Home Intrusion Prevention Features can be Disabled by Direct Service Table Restoration 23 Nov. 2004    Summary Prevx Home is a "state-of-the-art Host Intrusion Prevention Software that is designed to protect the user against the next Zero Day Hacker attacks, Internet Worms and Spyware Installation without expecting the user to perform constant updates to their system . A malicious program with administrative access can completely disable Prevx's security features by direct memory access.   Credit: The information has been provided by Chew Keong TAN. The original article can be found at: http://www.security.org.sg/vuln/prevxhome.html Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    Details Protect your website! Use an External Vulnerability Scanner! Nothing to install. First report in 1 hour! www.beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Prevx Home Version 1.0 Build 2.1.0.0 on WinXP SP0 to SP2 Immune Systems:  * Prevx Home Version 2.0 Prevx Home prevents malicious code from modifying critical Windows registry keys by prompting the user for action whenever such an attempt is detected. Examples of protected registry keys include the Run-key and Internet Explorer's registry settings. Prevx Home can also protect the system against buffer overflow exploits. Prevx Home's registry and buffer overflow protection feature is implemented by hooking several native APIs in kernel-space by modifying entries within the SDT ServiceTable. Hooking is performed by Prevx Home's kernel driver that replaces several entries within the SDT ServiceTable. It is possible to disable Prevx Home's registry and buffer overflow protection by restoring the running kernel's SDT ServiceTable to its original state with direct writes to \device\physicalmemory. Restoring the running kernel's SDT ServiceTable will effectively disable the protection offered by Prevx Home. In other words, the registry keys that were protected by Prevx Home can now be modified. Note: The original article has a proof of concept demonstration of this vulnerability. Vendor Status: The vendor has released a newer version which protects against such methods of exploitation. Disclosure Timeline: 05 Sep 04 - Vulnerability Discovered 06 Sep 04 - Initial Vendor Notification (incident number 1786) 06 Sep 04 - Initial Vendor Response 14 Sep 04 - Second Vendor Response 23 Sep 04 - Third Vendor Response 09 Nov 04 - Received Notification that Version 2.0, which can protect against such exploits, has been released 22 Nov 04 - Public Release  Comments: blog comments powered by Disqus	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews  Related Articles Novell Zenworks Software Packaging LaunchHelp.dll Code Execution Vulnerability Novell ZENWorks Software Packaging Antique ActiveX Control Code Execution Vulnerability Microsoft Internet Explorer swapNode Handling Code Execution Vulnerability Microsoft Internet Explorer Select Element Insufficient Type Checking Code Execution Vulnerability Internet Explorer Select Element Cache Code Execution Vulnerability Microsoft Office Graph DataFormat Signed Index Code Execution Vulnerability Microsoft Office Excel Conditional Expression Ptg Type Confusion Vulnerability Microsoft Internet Explorer Protected Mode Bypass Vulnerability Microsoft Internet Explorer 9 STYLE Object Parsing Code Execution Vulnerability Microsoft Internet Explorer XSLT SetViewSlave Code Execution Vulnerability CA Total Defense Suite Gateway Security Malformed HTTP Packet Code Execution Vulnerability HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Code Execution Vulnerability TrendMicro Control Manager CASProcessor.exe BLOB Code Execution Vulnerability Symantec Veritas Storage Foundation vxsvc.exe Unicode Code Execution Vulnerability HP iNode Management Center iNodeMngChecker.exe Code Execution Vulnerability  Featured Articles ProFTPD Response Pool Use-After-Free Code Execution Vulnerability HP Data Protector Notebook Extension LogClientInstallation SQL Injection Vulnerabilty GE Proficy Historian ihDataArchiver.exe Trusted Header Size Code Execution Vulnerability Novell ZENWorks Software Packaging Antique ActiveX Control Code Execution Vulnerability Adobe Reader U3D IFF RGBA Parsing Code Execution Vulnerability Adobe Reader U3D PCX Parsing Code Execution Vulnerability Cisco Unified Service Monitor brstart add_dm Code Execution Vulnerability
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © 1998-2011 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®