Page 3 of 28 results (0.008 seconds)

CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0

ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access. ZoneAlarm Pro 6.5.737.000, 6.1.744.001, y posiblemente versiones anteriores y otros productos, permite a usuarios locales provocar una denegación de servicio (caída del sistema) enviando información mal formada al controlador de dispositivo vsdatant, lo cual provoca un acceso inválido a memoria. • http://osvdb.org/35240 http://secunia.com/advisories/25064 http://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-validation-of-vsdatant-driver-input-buffer.php http://www.securityfocus.com/archive/1/467269/100/0/threaded http://www.securityfocus.com/bid/23734 http://www.vupen.com/english/advisories/2007/1608 https://exchange.xforce.ibmcloud.com/vulnerabilities/34028 •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses. el manejo de IOCTL en srescan.sys en el ZoneAlarm Spyware Removal Engine (SRE) de Check Point ZoneAlarm anterior a 5.0.156.0 permite a usuarios locales ejecutar código de su elección a través de determinadas direcciones de parámetros lrp IOCTL. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=517 http://secunia.com/advisories/24986 http://www.securityfocus.com/archive/1/466656/100/0/threaded http://www.securityfocus.com/bid/23579 http://www.securitytracker.com/id?1017948 http://www.securitytracker.com/id?1017953 http://www.vupen.com/english/advisories/2007/1491 https://exchange.xforce.ibmcloud.com/vulnerabilities/33786 •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1

vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions. vsdatant.sys en Check Point Zone Labs ZoneAlarm Pro anterior a 7.0.302.000 no valida ciertos argumentos antes de ser pasados a manejadores de funciones SSDT, lo cual permite a usuarios locales provocar una denegación de servicio (caída del sistema) o posiblemente ejecutar código de su elección mediante argumentos manipulados artesanalmente a las funciones (1) NtCreateKey y (2) NtDeleteFile. • https://www.exploit-db.com/exploits/29860 http://osvdb.org/35239 http://securityreason.com/securityalert/2591 http://www.matousec.com/info/advisories/ZoneAlarm-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php http://www.securityfocus.com/archive/1/465868/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/33664 •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions for critical files, which allows local users to gain privileges or bypass security controls. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=584 http://secunia.com/advisories/26513 http://securitytracker.com/id?1018588 http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=53 http://www.securityfocus.com/bid/25365 http://www.securityfocus.com/bid/25377 http://www.vupen.com/english/advisories/2007/2929 https://exchange.xforce.ibmcloud.com/vulnerabilities/36110 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 5%CPEs: 6EXPL: 2

Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite 6.0, (3) ZoneAlarm Anti-Virus 6.0, (4) ZoneAlarm Anti-Spyware 6.0 through 6.1, and (5) ZoneAlarm 6.0 allow remote attackers to bypass the "Advanced Program Control and OS Firewall filters" setting via URLs in "HTML Modal Dialogs" (window.location.href) contained within JavaScript tags. • https://www.exploit-db.com/exploits/26479 http://secunia.com/advisories/17450 http://securityreason.com/securityalert/155 http://www.osvdb.org/20677 http://www.securityfocus.com/archive/1/415968 http://www.securityfocus.com/bid/15347 https://exchange.xforce.ibmcloud.com/vulnerabilities/22971 •