CVE-2007-5041

G DATA InternetSecurity 2007 - Denial of Service via NtCreateKey and NtOpenProcess SSDT Hooks

Title source: llm
STIX 2.1

Description

G DATA InternetSecurity 2007 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey and (2) NtOpenProcess kernel SSDT hooks.

References (5)

Core 5
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3161
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/45896
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/479830/100/0/threaded

Scores

EPSS 0.0031
EPSS Percentile 22.4%

Details

CWE
CWE-20
Status published
Products (1)
gdata/internetsecurity_2007
Published Sep 24, 2007
Tracked Since Feb 18, 2026