CVE-2010-5153
CWE-362Published: August 25, 2012· Updated: Jun 16, 2026
Official Description
Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute
Technical Analysis
CVE-2010-5153 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
All References (18)
Quick Facts
Related CVEs (CWE-362)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2010-5153 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts