2 results (0.006 seconds)

CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0

Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (system crash) via a certain combination of these function calls with an HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VETFDDNT\Enum argument. Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, y posiblemente otras versiones no validan apropiadamente llamadas a funciones RegSaveKey, RegRestoreKey, y RegDeleteKey, lo cual permite a usuarios locales provocar una denegación de servicio (caída de sistema) mediante determinadas combinaciones de estas llamadas a funciones con el argumento: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VETFDDNT\Enum . • http://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-protection-of-registry-key-VETFDDNT-Enum.php http://www.securityfocus.com/archive/1/438970/100/0/threaded http://www.securityfocus.com/bid/18789 https://exchange.xforce.ibmcloud.com/vulnerabilities/27584 •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions for critical files, which allows local users to gain privileges or bypass security controls. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=584 http://secunia.com/advisories/26513 http://securitytracker.com/id?1018588 http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=53 http://www.securityfocus.com/bid/25365 http://www.securityfocus.com/bid/25377 http://www.vupen.com/english/advisories/2007/2929 https://exchange.xforce.ibmcloud.com/vulnerabilities/36110 • CWE-264: Permissions, Privileges, and Access Controls •