Plague in (security) software drivers & BSDOhook utility

[Matousec - Transparent security Research <research@xxxxxxxxxxxx>]

Hello,

We have found number of vulnerabilities in implementations of SSDT hooks in 
many different products.


Vulnerable software:

    * BlackICE PC Protection 3.6.cqn
    * G DATA InternetSecurity 2007
    * Ghost Security Suite beta 1.110 and alpha 1.200
    * Kaspersky Internet Security 7.0.0.125
    * Norton Internet Security 2008 15.0.0.60
    * Online Armor Personal Firewall 2.0.1.215
    * Outpost Firewall Pro 4.0.1025.7828
    * Privatefirewall 5.0.14.2
    * Process Monitor 1.22
    * ProcessGuard 3.410
    * ProSecurity 1.40 Beta 2
    * RegMon 7.04
    * ZoneAlarm Pro 7.0.362.000
    * probably other versions of above mentioned software
    * possibly many other software products that implement SSDT hooks


Not vulnerable software:

    * Comodo Personal Firewall 2.4.18.184
    * Daemon Tools Lite 4.10 X86
    * Sunbelt Personal Firewall 4.5.916.0



More details and the BSODhook utility that allows everyone to find similar 
vulnerabilities
easily are available here:

Advisory: 
http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php
Article: 
http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php


Regards,

--
Matousec - Transparent security Research
http://www.matousec.com/