Impersonation: Coat vulnerable

OS Windows Vista SP0 build 7600

  1. RootkitInstallation: MissingDriverLoad Protected
  2. RootkitInstallation: LoadAndCallImage Protected
  3. RootkitInstallation: DriverSupersede Protected
  4. RootkitInstallation: ChangeDrvPath Protected
  5. Invasion: Runner Protected
  6. Invasion: RawDisk Protected
  7. Invasion: PhysicalMemory Protected
  8. Invasion: FileDrop Protected
  9. Invasion: DebugControl Protected
  10. Injection: SetWinEventHook Protected
  11. Injection: SetWindowsHookEx Protected
  12. Injection: SetThreadContext Protected
  13. Injection: Services Protected
  14. Injection: ProcessInject Protected
  15. Injection: KnownDlls Protected
  16. Injection: DupHandles Protected
  17. Injection: CreateRemoteThread Protected
  18. Injection: APC dll injection Protected
  19. Injection: AdvancedProcessTermination Protected
  20. InfoSend: ICMP Test Protected
  21. InfoSend: DNS Test Protected
  22. Impersonation: OLE automation Protected
  23. Impersonation: ExplorerAsParent Protected
  24. Impersonation: DDE Protected
  25. Impersonation: Coat Vulnerable
  26. Impersonation: BITS Protected
  27. Hijacking: WinlogonNotify Protected
  28. Hijacking: Userinit Protected
  29. Hijacking: UIHost Protected
  30. Hijacking: SupersedeServiceDll Protected
  31. Hijacking: StartupPrograms Protected
  32. Hijacking: ChangeDebuggerPath Protected
  33. Hijacking: AppinitDlls Protected
  34. Hijacking: ActiveDesktop Protected

Score 330/340
(C) COMODO 2008

Tested after deleting all current rules, and firewall on custom policy (now old rules are all fresh).
The test ran in the sandbox; I denied all requests while testing except the first one to begin the test.
Alert settings: very high.
Can anyone help me? What's happened?
Am I really vulnerable?
How can I get a 340/340 score?

Try changing the sandbox level to Untrusted. One member tried this and received 340/340 np.

To all those having the same problem as I did before: clear all your internet cache and history, then run the test again. The shortcut to clear the cache and history in IE and Firefox is Ctrl+Shift+Delete. You need to do this for each browser, of course.

No such problems in CIS 2011… everything is in good shape.

Re: “Impersonation: Coat” vulnerable on CLT testing

See this post: Getting Accurate Leak test Results for details.

Here is an excerpt from that post: