FKIE_CVE-2007-1330

Vulnerability from fkie_nvd - Published: 2007-03-07 21:19 - Updated: 2026-06-16 22:37
Severity
Summary
Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) 2.4.18.184 and earlier allows local users to bypass driver protections on the HKLM\SYSTEM\Software\Comodo\Personal Firewall registry key by guessing the name of a named pipe under \Device\NamedPipe\OLE and attempting to open it multiple times.
References
cve@mitre.orghttp://osvdb.org/34957
cve@mitre.orghttp://securityreason.com/securityalert/2388
cve@mitre.orghttp://www.matousec.com/info/advisories/Comodo-Bypassing-settings-protection-using-magic-pipe.phpVendor Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/461635/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/22775
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/32771
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/34957
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/2388
af854a3a-2127-422b-91ae-364da2661108http://www.matousec.com/info/advisories/Comodo-Bypassing-settings-protection-using-magic-pipe.phpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/461635/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/22775
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/32771
Impacted products
Vendor Product Version
comodo comodo_firewall_pro 2.4.16.174
comodo comodo_firewall_pro 2.4.17.183
comodo comodo_firewall_pro 2.4.18.184
To clipboard 

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:comodo:comodo_firewall_pro:2.4.16.174:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E5BB621-8FCF-47E0-8724-D3FC940FC312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:comodo:comodo_firewall_pro:2.4.17.183:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0F19574-1A12-4C96-B1DE-C63233C6A13D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:comodo:comodo_firewall_pro:2.4.18.184:*:*:*:*:*:*:*",
              "matchCriteriaId": "6518A7E2-C299-4985-BCAD-0A52FB9E850D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) 2.4.18.184 and earlier allows local users to bypass driver protections on the HKLM\\SYSTEM\\Software\\Comodo\\Personal Firewall registry key by guessing the name of a named pipe under \\Device\\NamedPipe\\OLE and attempting to open it multiple times."
    },
    {
      "lang": "es",
      "value": "Comodo Firewall Pro (CFP) (antes conocido como Comodo Personal Firewall) 2.4.18.184 y versiones anteriores permite a usuarios locales     evitar las protecciones del dispositivos en la clave de registro del HKLM\\SYSTEM\\Software\\Comodo\\Personal Firewall mediante la adivinaci\u00f3n del nombre de una tuber\u00eda con nombre bajo el \\Device\\NamedPipe\\OLE e intentando abrirlo en m\u00faltiples ocasiones."
    }
  ],
  "id": "CVE-2007-1330",
  "lastModified": "2026-06-16T22:37:22.097",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-07T21:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/34957"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2388"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.matousec.com/info/advisories/Comodo-Bypassing-settings-protection-using-magic-pipe.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/461635/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22775"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/34957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2388"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.matousec.com/info/advisories/Comodo-Bypassing-settings-protection-using-magic-pipe.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/461635/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32771"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.