CVE-2006-3787 Information

Description

kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread.

Reference

http://secunia.com/advisories/21060 http://securityreason.com/securityalert/1260 http://www.matousec.com/info/advisories/Kerio-Terminating-kpf4ss-exe-using-internal-runtime-error.php http://www.securityfocus.com/archive/1/440112/100/100/threaded http://www.securityfocus.com/bid/18996 http://www.vupen.com/english/advisories/2006/2828