The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions.
                
            References
                    Configurations
                    History
                    No history.
Information
                Published : 2007-03-07 20:19
Updated : 2025-04-09 00:30
NVD link : CVE-2006-7160
Mitre link : CVE-2006-7160
CVE.ORG link : CVE-2006-7160
JSON object : View
Products Affected
                agnitum
- outpost_firewall
CWE
                
                    
                        
                        CWE-20
                        
            Improper Input Validation
