Vulnerabilities > CVE-2006-3787 - Denial of Service vulnerability in Sunbelt Kerio Personal Firewall CreateRemoteThread
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Sunbelt Kerio Personal Firewall 4.3.426 CreateRemoteThread Denial of Service Vulnerability. CVE-2006-3787. Dos exploit for hardware platform |
| id | EDB-ID:28228 |
| last seen | 2016-02-03 |
| modified | 2006-07-15 |
| published | 2006-07-15 |
| reporter | David Matousek |
| source | https://www.exploit-db.com/download/28228/ |
| title | Sunbelt Kerio Personal Firewall 4.3.426 CreateRemoteThread Denial of Service Vulnerability |
References
- http://secunia.com/advisories/21060
- http://securityreason.com/securityalert/1260
- http://www.matousec.com/info/advisories/Kerio-Terminating-kpf4ss-exe-using-internal-runtime-error.php
- http://www.securityfocus.com/archive/1/440112/100/100/threaded
- http://www.securityfocus.com/bid/18996
- http://www.vupen.com/english/advisories/2006/2828