CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5044
https://notcve.org/view.php?id=CVE-2007-5044
24 Sep 2007 — ZoneAlarm Pro 7.0.362.000 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreatePort and (2) NtDeleteFile kernel SSDT hooks, a partial regression of CVE-2007-2083. ZoneAlarm Pro 7.0.362.000 no valida de forma adecuada ciertos parámetros en los maneadores de función System Service Descriptor Table (SSDT), lo cual permite a usuarios locales provoca... • http://osvdb.org/45898 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2007-4216
https://notcve.org/view.php?id=CVE-2007-4216
21 Aug 2007 — vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in a METHOD_NEITHER (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations. vsdatant.sys versión 6.5.737.0 en Check Point Zone Labs ZoneAlarm versiones anteriores a 7.0.362, permite a usuarios locales alcanzar privilegios por medio de un Interrupt Request Packet (Irp) diseñado en una petición (1) I... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=585 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2007-2730
https://notcve.org/view.php?id=CVE-2007-2730
16 May 2007 — Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. Check Point Zonealarm Pro anterior a 6.5.737.000 no comprueba adecuadamente la equivalencia de identificadores de proceso para determinadas... • http://osvdb.org/37383 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2007-2467
https://notcve.org/view.php?id=CVE-2007-2467
02 May 2007 — ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access. ZoneAlarm Pro 6.5.737.000, 6.1.744.001, y posiblemente versiones anteriores y otros productos, permite a usuarios locales provocar una denegación de servicio (caída del sistema) enviando información mal formada al controlador de dispositivo vsdatant, lo cual prov... • http://osvdb.org/35240 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2174
https://notcve.org/view.php?id=CVE-2007-2174
24 Apr 2007 — The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses. el manejo de IOCTL en srescan.sys en el ZoneAlarm Spyware Removal Engine (SRE) de Check Point ZoneAlarm anterior a 5.0.156.0 permite a usuarios locales ejecutar código de su elección a través de determinadas direcciones de parámetros lrp IOCTL. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=517 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-2083 – ZoneAlarm 6.1.744.001/6.5.737.000 - Vsdatant.SYS Driver Local Denial of Service
https://notcve.org/view.php?id=CVE-2007-2083
18 Apr 2007 — vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions. vsdatant.sys en Check Point Zone Labs ZoneAlarm Pro anterior a 7.0.302.000 no valida ciertos argumentos antes de ser pasados a manejadores de funciones SSDT, lo cual perm... • https://www.exploit-db.com/exploits/29860 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2005-2932
https://notcve.org/view.php?id=CVE-2005-2932
31 Dec 2005 — Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions for critical files, which allows local users to gain privileges or bypass security controls. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=584 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.2EPSS: 3%CPEs: 6EXPL: 2CVE-2005-3560 – Zone Labs Zone Alarm 6.0 - Advance Program Control Bypass
https://notcve.org/view.php?id=CVE-2005-3560
16 Nov 2005 — Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite 6.0, (3) ZoneAlarm Anti-Virus 6.0, (4) ZoneAlarm Anti-Spyware 6.0 through 6.1, and (5) ZoneAlarm 6.0 allow remote attackers to bypass the "Advanced Program Control and OS Firewall filters" setting via URLs in "HTML Modal Dialogs" (window.location.href) contained within JavaScript tags. • https://www.exploit-db.com/exploits/26479 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2005-0114
https://notcve.org/view.php?id=CVE-2005-0114
11 Feb 2005 — vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort function is a valid memory address, which allows local users to cause a denial of service (system crash) when ZoneAlarm attempts to dereference an invalid pointer. • http://download.zonelabs.com/bin/free/securityAlert/19.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2713
https://notcve.org/view.php?id=CVE-2004-2713
31 Dec 2004 — Zone Alarm Pro 1.0 through 5.1 gives full access to %windir%\Internet Logs\* to the EVERYONE group, which allows local users to cause a denial of service by modifying the folder contents or permissions. NOTE: this issue has been disputed by the vendor, who claims that it does not affect product functionality since the same information is also saved in a protected file • http://archives.neohapsis.com/archives/bugtraq/2004-08/0389.html • CWE-264: Permissions, Privileges, and Access Controls •