CVE-2007-2730

Severity Score

7.2

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.

Check Point Zonealarm Pro anterior a 6.5.737.000 no comprueba adecuadamente la equivalencia de identificadores de proceso para determinadas funciones de la API de Windows en el núcleo de NT5.0 y superiores, lo cual permite a usuarios locales llamar a estas funciones y evitar reglas del cortafuegos u obtener privilegios, mediante un identificador modificado que es uno, dos, o tres unidades mayor que el identificador canónico.

*Credits: N/A

CVSS Scores

NISTv2 7.2

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-05-16 CVE Reserved
2007-05-16 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source
http://osvdb.org/37383	Vdb Entry
http://securityreason.com/securityalert/2714	Third Party Advisory
http://www.securityfocus.com/archive/1/468643/100/0/threaded	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.matousec.com/info/advisories/Bypassing-PWF-HIPS-open-process-control-with-uncommon-identifier.php	2018-10-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Checkpoint Search vendor "Checkpoint"	Zonealarm Search vendor "Checkpoint" for product "Zonealarm"	<= 6.1.744.001 Search vendor "Checkpoint" for product "Zonealarm" and version " <= 6.1.744.001"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 2000 Search vendor "Microsoft" for product "Windows 2000"	*	-	Safe
Checkpoint Search vendor "Checkpoint"	Zonealarm Search vendor "Checkpoint" for product "Zonealarm"	<= 6.1.744.001 Search vendor "Checkpoint" for product "Zonealarm" and version " <= 6.1.744.001"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server"	*	-	Safe
Checkpoint Search vendor "Checkpoint"	Zonealarm Search vendor "Checkpoint" for product "Zonealarm"	<= 6.1.744.001 Search vendor "Checkpoint" for product "Zonealarm" and version " <= 6.1.744.001"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	-	Safe
Comodo Search vendor "Comodo"	Comodo Firewall Pro Search vendor "Comodo" for product "Comodo Firewall Pro"	2.4.18.184 Search vendor "Comodo" for product "Comodo Firewall Pro" and version "2.4.18.184"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 2000 Search vendor "Microsoft" for product "Windows 2000"	*	-	Safe
Comodo Search vendor "Comodo"	Comodo Firewall Pro Search vendor "Comodo" for product "Comodo Firewall Pro"	2.4.18.184 Search vendor "Comodo" for product "Comodo Firewall Pro" and version "2.4.18.184"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server"	*	-	Safe
Comodo Search vendor "Comodo"	Comodo Firewall Pro Search vendor "Comodo" for product "Comodo Firewall Pro"	2.4.18.184 Search vendor "Comodo" for product "Comodo Firewall Pro" and version "2.4.18.184"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	-	Safe
Comodo Search vendor "Comodo"	Comodo Personal Firewall Search vendor "Comodo" for product "Comodo Personal Firewall"	2.3.6.81 Search vendor "Comodo" for product "Comodo Personal Firewall" and version "2.3.6.81"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 2000 Search vendor "Microsoft" for product "Windows 2000"	*	-	Safe
Comodo Search vendor "Comodo"	Comodo Personal Firewall Search vendor "Comodo" for product "Comodo Personal Firewall"	2.3.6.81 Search vendor "Comodo" for product "Comodo Personal Firewall" and version "2.3.6.81"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 2003 Server Search vendor "Microsoft" for product "Windows 2003 Server"	*	-	Safe
Comodo Search vendor "Comodo"	Comodo Personal Firewall Search vendor "Comodo" for product "Comodo Personal Firewall"	2.3.6.81 Search vendor "Comodo" for product "Comodo Personal Firewall" and version "2.3.6.81"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	-	Safe