CVE-2010-5183
NONE
Published Aug 25, 201213y ago · Modified Jun 16, 20262w ago
Published Aug 25, 2012 13y ago
Last Modified Jun 16, 2026 2w ago
Description
Race condition in Webroot Internet Security Essentials 6.1.0.145 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-362
Affected Products 2
References 9
- archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html
- archives.neohapsis.com http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html
- countermeasures.trendmicro.eu http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk/
- matousec.com http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php
- matousec.com http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php
- f-secure.com http://www.f-secure.com/weblog/archives/00001949.html
- osvdb.org http://www.osvdb.org/67660
- securityfocus.com http://www.securityfocus.com/bid/39924
- theregister.co.uk http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.