Title: StackDefender ObjectAttributes Invalid Pointer Dereference Denial Of Service Vulnerability
Severity: MODERATE
Description:
StackDefender is intrusion prevention software for Microsoft Windows operating systems that is designed to protect against memory corruption vulnerabilities.
StackDefender is prone to a vulnerability that may permit attackers to crash the computer. This issue may be triggered if the program attempts to dereference an invalid pointer.
The software hooks the ZwOpenFile and ZwCreateFile kernel API functions to load StackDefender DLLs everytime an executable is run. The reported vulnerability is exposed in these functions. Specifically, there is insufficient validation of the ObjectAttributes argument, allowing an invalid address to be passed when these functions are called.
To exploit this issue, the attacker must be able to cause memory corruption on the host computer, such as through exploitation of buffer overflow in another application. This will force the software to attempt to block attempts to exploit the memory corruption vulnerability and in turn expose this vulnerability.
This issue is known to affect StackDefender 1.10.
Affected Products:
- Next Generation Security Technologies StackDefender 1.10.0
References:
- Next Generation Security Technologies: StackDefender Homepage
- iDEFENSE: NGSEC StackDefender 1.10 Invalid Pointer Dereference Vulnerability
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
