VAR-200701-0041
Vulnerability from variot - Updated: 2025-04-10 23:11
Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys. Outpost Firewall PRO is prone to a local privilege-escalation vulnerability because it fails to perform adequate SSDT (System Service Descriptor Table) hooking on files in its installation directory. A local attacker can exploit this issue to elevate their privileges, which can lead to the complete compromise of an affected computer. Outpost Firewall PRO 4.0 is vulnerable; other versions may also be affected. Outpost Firewall Pro is a compact network firewall product whose features include advertisement and image filtering, content filtering, and DNS caching. Outpost uses various SSDT hooks to protect the files and directories in its installation directory, but this protection does not prevent a malicious application from calling the native API function ZwSetInformationFile with the FileLinkInformation class, which allows an attacker to replace files that the system is not currently using. One such vulnerable file in the Outpost installation directory is SandBox.sys. An attacker can replace this driver with a fake copy, and the system will load the replacement driver on the next reboot. Because the driver runs in privileged kernel mode, this can result in complete control of the system.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200701-0041",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "outpost firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "agnitum",
"version": "4.0"
},
{
"model": "outpost firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "agnitum",
"version": "pro 4.0"
},
{
"model": "outpost firewall pro",
"scope": "eq",
"trust": 0.3,
"vendor": "agnitum",
"version": "4.0(971.584.079)"
},
{
"model": "outpost firewall pro",
"scope": "eq",
"trust": 0.3,
"vendor": "agnitum",
"version": "4.0(964.582.059)"
},
{
"model": "outpost firewall pro",
"scope": "eq",
"trust": 0.3,
"vendor": "agnitum",
"version": "4.0(1005.590.123)"
},
{
"model": "outpost firewall pro",
"scope": "eq",
"trust": 0.3,
"vendor": "agnitum",
"version": "4.0"
}
],
"sources": [
{
"db": "BID",
"id": "22069"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001401"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-255"
},
{
"db": "NVD",
"id": "CVE-2007-0333"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:agnitum:outpost_firewall",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001401"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matousec http://www.matousec.com/",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200701-255"
}
],
"trust": 0.6
},
"cve": "CVE-2007-0333",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2007-0333",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-23695",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-0333",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2007-0333",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200701-255",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-23695",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23695"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001401"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-255"
},
{
"db": "NVD",
"id": "CVE-2007-0333"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product\u0027s installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys. Outpost Firewall PRO is prone to a local privilege-escalation vulnerability because it fails to perform adequate SSDT (System Service Descriptor Table) hooking on files in its installation directory. \nA local attacker can exploit this issue to elevate their privileges, which can lead to the complete compromise of an affected computer. \nOutpost Firewall PRO 4.0 is vulnerable; other versions may also be affected. Outpost Firewal Pro is a small and exquisite network firewall software, including advertisement and image filtering, content filtering, DNS cache and other functions. Outpost uses various SSDT hooks to protect files and directories in its installation directory, but when implementing this protection, it cannot prevent malicious applications from calling the original API ZwSetInformationFile class FileLinkInformation, which allows attackers to replace the ones that the system does not use when calling this function document. A vulnerable file in the Outpost installation directory is SandBox.sys. An attacker can replace this driver with a fake copy, and the system will load the driver on the next reboot. Since the driver runs in privileged kernel mode, this can result in complete system control",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0333"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001401"
},
{
"db": "BID",
"id": "22069"
},
{
"db": "VULHUB",
"id": "VHN-23695"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-23695",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23695"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-0333",
"trust": 2.5
},
{
"db": "BID",
"id": "22069",
"trust": 2.0
},
{
"db": "SREASON",
"id": "2163",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "33480",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001401",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200701-255",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20070115 OUTPOST BYPASSING SELF-PROTECTION USING FILE LINKS VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "31529",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-82968",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "29465",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-23695",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23695"
},
{
"db": "BID",
"id": "22069"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001401"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-255"
},
{
"db": "NVD",
"id": "CVE-2007-0333"
}
]
},
"id": "VAR-200701-0041",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-23695"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:11:44.558000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.agnitum.com/products/outpost/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001401"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0333"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.matousec.com/info/advisories/outpost-bypassing-self-protection-using-file-links.php"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/22069"
},
{
"trust": 1.7,
"url": "http://osvdb.org/33480"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/2163"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/456973/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31529"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0333"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0333"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/456973/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/31529"
},
{
"trust": 0.3,
"url": "http://www.agnitum.com/products/outpost/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23695"
},
{
"db": "BID",
"id": "22069"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001401"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-255"
},
{
"db": "NVD",
"id": "CVE-2007-0333"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-23695"
},
{
"db": "BID",
"id": "22069"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001401"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-255"
},
{
"db": "NVD",
"id": "CVE-2007-0333"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-01-18T00:00:00",
"db": "VULHUB",
"id": "VHN-23695"
},
{
"date": "2007-01-15T00:00:00",
"db": "BID",
"id": "22069"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001401"
},
{
"date": "2007-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200701-255"
},
{
"date": "2007-01-18T02:28:00",
"db": "NVD",
"id": "CVE-2007-0333"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-23695"
},
{
"date": "2007-01-16T20:20:00",
"db": "BID",
"id": "22069"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001401"
},
{
"date": "2007-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200701-255"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-0333"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "22069"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-255"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Agnitum Outpost Firewall PRO Vulnerable to Trojan horse driver insertion into the product installation directory",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001401"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "22069"
},
{
"db": "CNNVD",
"id": "CNNVD-200701-255"
}
],
"trust": 0.9
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.