CVE-2010-5184
https://notcve.org/view.php?id=CVE-2010-5184
Race condition in ZoneAlarm Extreme Security 9.1.507.000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
• http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html
  http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html
  http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk
  http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php
  http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php
  http://www.f-secure.com/weblog/archives/00001949.html
  http://www.osvdb.org/67660
  http://www.securit
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2008-7025 – ZoneAlarm 8.0.20 - HTTP Proxy Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-7025
TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe running, allows remote HTTP proxies to cause a denial of service (crash) and disable the HIDS module via a crafted response.
• https://www.exploit-db.com/exploits/32428
  http://www.securityfocus.com/archive/1/496764/100/0/threaded
  http://www.securityfocus.com/bid/31431
  https://exchange.xforce.ibmcloud.com/vulnerabilities/45480
CVE-2008-7009 – ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-7009
Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or directory with a long path. NOTE: some of these details are obtained from third party information.
• https://www.exploit-db.com/exploits/32356
  http://osvdb.org/48097
  http://secunia.com/advisories/31832
  http://www.securityfocus.com/archive/1/496226/100/0/threaded
  http://www.securityfocus.com/bid/31124
  http://www.securitytracker.com/id?1020859
  http://www.vupen.com/english/advisories/2008/2556
  https://exchange.xforce.ibmcloud.com/vulnerabilities/45082
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4216
https://notcve.org/view.php?id=CVE-2007-4216
vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in a METHOD_NEITHER (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations.
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=585
  http://secunia.com/advisories/26513
  http://securitytracker.com/id?1018589
  http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=53
  http://www.securityfocus.com/archive/1/477155/100/0/threaded
  http://www.securityfocus.com/bid/25365
  http://www.securityfocus.com/bid/25377
  http://www.vupen.com/english/advisories/2007/2929
  https://exchange.xforce.ibmcloud.com/vulnerabilities/36107
• CWE-20: Improper Input Validation
CVE-2007-2730
https://notcve.org/view.php?id=CVE-2007-2730
Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
• http://osvdb.org/37383
  http://securityreason.com/securityalert/2714
  http://www.matousec.com/info/advisories/Bypassing-PWF-HIPS-open-process-control-with-uncommon-identifier.php
  http://www.securityfocus.com/archive/1/468643/100/0/threaded