CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6233 – Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-6233
Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Forensic Recorder service. By creating a symbolic link, an attacker can abuse the service to overwrite arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-1036 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6013 – Check Point ZoneAlarm Symlink Following Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-6013
ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker who already has access to the system to execute code at elevated privileges through a combination of file permission manipulation and exploitation of Windows CVE-2020-00896 on unpatched systems. Los productos ZoneAlarm Firewall y Antivirus anteriores a versión 15.8.109.18436, permiten a un atacante que ya posee acceso al sistema ejecutar código con privilegios elevados por medio de una combinación de manipulación de permisos de archivos y explotación de Windows CVE-2020-00896 en sistemas sin parches This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ZoneAlarm Service. The issue results from the lack of proper validation of a user-supplied symbolic link prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. • https://www.zonealarm.com/software/extreme-security/release-history • CWE-65: Windows Hard Link CWE-269: Improper Privilege Management •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2010-5184
https://notcve.org/view.php?id=CVE-2010-5184
Race condition in ZoneAlarm Extreme Security 9.1.507.000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute ** EN DISPUTA ** Condición de carrera en ZoneAlarm Extreme Security v9.1.507.000 sobre Windows XP permite a usuarios locales evitar kernel-mode hook handlers, y ejecutar código peligroso que podría entre otras cosas ser bloqueado por un manejador pero no bloqueado por un detector de malware signature-based, a través de ciertos user-space cambios de memoria durante la ejecución de hook-handler execution, también conocido como un ataque argument-switch o KHOBE. NOTA: esta problema está en disputa por terceras partes. • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php http://www.f-secure.com/weblog/archives/00001949.html http://www.osvdb.org/67660 http://www.securit • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •