{"api_version":"1","generated_at":"2026-05-13T04:43:15+00:00","cve":"CVE-2006-7160","urls":{"html":"https://cve.report/CVE-2006-7160","api":"https://cve.report/api/cve/CVE-2006-7160.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-7160","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-7160"},"summary":{"title":"CVE-2006-7160","description":"The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-03-07 20:19:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-20","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.9","severity":"","vector":"AV:L/AC:L/Au:N/C:N/I:N/A:C","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.vupen.com/english/advisories/2006/4537","name":"http://www.vupen.com/english/advisories/2006/4537","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/21097","name":"http://www.securityfocus.com/bid/21097","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Outpost Firewall PRO Multiple Local Denial of Service Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/22913","name":"http://secunia.com/advisories/22913","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Outpost Firewall Pro Hooked Functions Denial of Service - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/451672/100/0/threaded","name":"http://www.securityfocus.com/archive/1/451672/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/30312","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/30312","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/2376","name":"http://securityreason.com/securityalert/2376","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"CXSecurity - IDS","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.matousec.com/info/advisories/Outpost-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php","name":"http://www.matousec.com/info/advisories/Outpost-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Advisory 2006-11-15.01 - matousec.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-7160","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-7160","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"7160","vulnerable":"1","versionEndIncluding":"4.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"agnitum","cpe5":"outpost_firewall","cpe6":"*","cpe7":"*","cpe8":"pro","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T20:57:39.963Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"2376","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/2376"},{"name":"outpostfirewall-multiple-functions-dos(30312)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/30312"},{"name":"ADV-2006-4537","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2006/4537"},{"name":"20061115 Outpost Multiple insufficient argument validation of hooked SSDT function Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/451672/100/0/threaded"},{"name":"22913","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/22913"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.matousec.com/info/advisories/Outpost-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"},{"name":"21097","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/21097"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2006-11-15T00:00:00.000Z","descriptions":[{"lang":"en","value":"The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-16T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"2376","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/2376"},{"name":"outpostfirewall-multiple-functions-dos(30312)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/30312"},{"name":"ADV-2006-4537","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2006/4537"},{"name":"20061115 Outpost Multiple insufficient argument validation of hooked SSDT function Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/451672/100/0/threaded"},{"name":"22913","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/22913"},{"tags":["x_refsource_MISC"],"url":"http://www.matousec.com/info/advisories/Outpost-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"},{"name":"21097","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/21097"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-7160","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"2376","refsource":"SREASON","url":"http://securityreason.com/securityalert/2376"},{"name":"outpostfirewall-multiple-functions-dos(30312)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/30312"},{"name":"ADV-2006-4537","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/4537"},{"name":"20061115 Outpost Multiple insufficient argument validation of hooked SSDT function Vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/451672/100/0/threaded"},{"name":"22913","refsource":"SECUNIA","url":"http://secunia.com/advisories/22913"},{"name":"http://www.matousec.com/info/advisories/Outpost-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php","refsource":"MISC","url":"http://www.matousec.com/info/advisories/Outpost-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"},{"name":"21097","refsource":"BID","url":"http://www.securityfocus.com/bid/21097"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2006-7160","datePublished":"2007-03-07T20:00:00.000Z","dateReserved":"2007-03-07T00:00:00.000Z","dateUpdated":"2024-08-07T20:57:39.963Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-03-07 20:19:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-20","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:agnitum:outpost_firewall:*:*:pro:*:*:*:*:*","versionEndIncluding":"4.0","matchCriteriaId":"C3B820FA-2999-4DAA-A54D-9DA2B16B2A11"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"7160","Ordinal":"1","Title":"CVE-2006-7160","CVE":"CVE-2006-7160","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"7160","Ordinal":"1","NoteData":"The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions.","Type":"Description","Title":"CVE-2006-7160"},{"CveYear":"2006","CveId":"7160","Ordinal":"2","NoteData":"2007-03-07","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"7160","Ordinal":"3","NoteData":"2018-10-16","Type":"Other","Title":"Modified"}]}}}