VULHUB ™

Prevx Home's registry and buffer overflow protection features are implemented by hooking several native APIs in kernel-space by modifying entries within the SDT ServiceTable. This means that a malicious program with Administrator privilege can disable these features by restoring the running kernel's SDT ServiceTable with direct writes to \device\physicalmemory. Verified against Prevx Home Version 1.0 Build 2.1.0.0 on WinXP SP0, SP2.

Prevx Home's registry and buffer overflow protection features are implemented by hooking several native APIs in kernel-space by modifying entries within the SDT ServiceTable. This means that a malicious program with Administrator privilege can disable these features by restoring the running kernel's SDT ServiceTable with direct writes to \device\physicalmemory. Verified against Prevx Home Version 1.0 Build 2.1.0.0 on WinXP SP0, SP2.