Phase: Prevx Home 1.0 allows local users with administrator privileges to bypass the intrusion prevention features by directly writing to \device\physicalmemory, which restores the running kernel's original SDT ServiceTable.
References: BUGTRAQ: Wednesday, November 24, 2004 Re: [SIG^2 G-TEC] Prevx Home v1.0 Instrusion Prevention Features Can Be Disabled by Direct Service Table Restoration | URL: http://marc.theaimsgroup.com/?l=bugtraq&m=110138413816367&w=2 | BUGTRAQ: Monday, November 22, 2004 [SIG^2 G-TEC] Prevx Home
Votes: Assigned (Tuesday, December 14, 2004)
Comments: None (candidate not yet proposed)