CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2007-2467
https://notcve.org/view.php?id=CVE-2007-2467
02 May 2007 — ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access. ZoneAlarm Pro 6.5.737.000, 6.1.744.001, y posiblemente versiones anteriores y otros productos, permite a usuarios locales provocar una denegación de servicio (caída del sistema) enviando información mal formada al controlador de dispositivo vsdatant, lo cual prov... • http://osvdb.org/35240 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2174
https://notcve.org/view.php?id=CVE-2007-2174
24 Apr 2007 — The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses. el manejo de IOCTL en srescan.sys en el ZoneAlarm Spyware Removal Engine (SRE) de Check Point ZoneAlarm anterior a 5.0.156.0 permite a usuarios locales ejecutar código de su elección a través de determinadas direcciones de parámetros lrp IOCTL. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=517 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-2083 – ZoneAlarm 6.1.744.001/6.5.737.000 - Vsdatant.SYS Driver Local Denial of Service
https://notcve.org/view.php?id=CVE-2007-2083
18 Apr 2007 — vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions. vsdatant.sys en Check Point Zone Labs ZoneAlarm Pro anterior a 7.0.302.000 no valida ciertos argumentos antes de ser pasados a manejadores de funciones SSDT, lo cual perm... • https://www.exploit-db.com/exploits/29860 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2005-2932
https://notcve.org/view.php?id=CVE-2005-2932
31 Dec 2005 — Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions for critical files, which allows local users to gain privileges or bypass security controls. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=584 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.2EPSS: 9%CPEs: 6EXPL: 2CVE-2005-3560 – Zone Labs Zone Alarm 6.0 - Advance Program Control Bypass
https://notcve.org/view.php?id=CVE-2005-3560
16 Nov 2005 — Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite 6.0, (3) ZoneAlarm Anti-Virus 6.0, (4) ZoneAlarm Anti-Spyware 6.0 through 6.1, and (5) ZoneAlarm 6.0 allow remote attackers to bypass the "Advanced Program Control and OS Firewall filters" setting via URLs in "HTML Modal Dialogs" (window.location.href) contained within JavaScript tags. • https://www.exploit-db.com/exploits/26479 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2005-0114
https://notcve.org/view.php?id=CVE-2005-0114
11 Feb 2005 — vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort function is a valid memory address, which allows local users to cause a denial of service (system crash) when ZoneAlarm attempts to dereference an invalid pointer. • http://download.zonelabs.com/bin/free/securityAlert/19.html •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2004-1534
https://notcve.org/view.php?id=CVE-2004-1534
31 Dec 2004 — ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, allows remote web sites to cause a denial of service (application instability or system hang) via certain JavaScript. • http://download.zonelabs.com/bin/free/securityAlert/18.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2713
https://notcve.org/view.php?id=CVE-2004-2713
31 Dec 2004 — Zone Alarm Pro 1.0 through 5.1 gives full access to %windir%\Internet Logs\* to the EVERYONE group, which allows local users to cause a denial of service by modifying the folder contents or permissions. NOTE: this issue has been disputed by the vendor, who claims that it does not affect product functionality since the same information is also saved in a protected file • http://archives.neohapsis.com/archives/bugtraq/2004-08/0389.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 26%CPEs: 5EXPL: 0CVE-2004-0309
https://notcve.org/view.php?id=CVE-2004-0309
01 Sep 2004 — Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote attackers to execute arbitrary code via a long RCPT TO argument. • http://download.zonelabs.com/bin/free/securityAlert/8.html •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0612
https://notcve.org/view.php?id=CVE-2004-0612
30 Jun 2004 — The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mobile code within an SSL encrypted session, which could allow remote attackers to bypass the mobile code filtering. NOTE: it has been disputed by the vendor that this behavior is required by the SSL specification. El filtro de Código Móvil en ZoneAlarm PRO 5.0.590.015 no filtra código móvil dentro de una sesión SSL cifrada, lo que podría permitir a un atacanter remoto saltarse el filtrado de código móvil. NOTA: El vendedor ha manifestado q... • http://archives.neohapsis.com/archives/bugtraq/2004-06/0420.html •