Whitepaper called KHOBE - 8.0 Earthquake For Windows Desktop Security Software. It discusses Windows desktop security products that can be exploited to bypass a large portion of the security features implemented by the affected products.
2a66fee9335500b174da0687391299c45447f47772a54e8b08e9e8a1a6ae0669
It appears that a number of vulnerabilities have been discovered in implementations of SSDT hooks in many different products. Vulnerable products include BlackICE, Norton Internet Security, Process Monitor, and others.
10cab1f6a9cbfe4aa37ddf1207fd3c8ef40386c2d2758a0eadfeaeb9d168a631
Demonstration exploit that shows how Outpost Firewall Pro version 4.0 fails to protect against advanced DLL injection.
d098e88f484e24499c8384ec307c65852dc1541fe2460675f4823a8e79ba1d12
Outpost Firewall Pro version 4.0 fails to protect against advanced DLL injection.
d10c68573c91fa3188e94d699972e536a48599b7f66ade2ce1a96497197376aa
Testing program that exploits Outpost Firewall PRO version 4.0, which fails to sufficiently protect the \Device\SandBox driver.
bdcf73561116d8bf77ee8404cd2913c8d86fe9b944e74e816cb7c846cb06a98f
Outpost Firewall PRO version 4.0 insufficiently protects its driver \Device\SandBox against manipulation by malicious applications, and it fails to validate its input buffer.
313a85811eb28dca28af6a555e600f8a576f88f81c93bd030e0fc939be516c7f
BlackICE PC Protection protects its files against manipulation by malicious software. Its critical files, such as its database of trusted applications and its firewall configuration, are protected. The list of protected files is stored in filelock.txt in the BlackICE installation directory. If this file is deleted, the files listed in filelock.txt are no longer protected and can be changed by malicious applications. The implemented protection allows malicious applications to delete this file using the native API function ZwDeleteFile. This can result in a bypass of all BlackICE protection mechanisms, because its internal components can be replaced with fake copies. The situation is even easier for the attacker because the component control fails to recognize fake components in BlackICE processes.
cccf062711f391ac57c883f94f44d73929b8862d2542aff36335459be2a9a18d