Description
Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
Affected products
- AVG / antivirus_plus_firewall 7.5.431 – 7.5.431
- Comodo / comodo_personal_firewall 2.3.6.81 – 2.3.6.81
- Filseclab / personal_firewall 3.0.8686 – 3.0.8686
- infoprocess / antihook 3.0.23 – 3.0.23
- soft4ever / look_n_stop 2.05p2 – 2.05p2
- Symantec / sygate_personal_firewall 5.6.2808 – 5.6.2808
References
- VENDOR_ADVISORY: http://www.matousec.com/info/advisories/Bypassing-process-identification-serveral-personal-firewalls-HIPS.php
- MISC: http://www.securityfocus.com/archive/1/454522/100/0/threaded
- MISC: http://www.securityfocus.com/bid/21615
- MISC: http://www.wilderssecurity.com/showthread.php?t=158155
- MISC: http://www.matousec.com/downloads/windows-personal-firewall-analysis/ex-coat.zip