Local Code Execution Vulnerability in Check Point ZoneAlarm Spyware Removal Engine
CVE-2007-2174

Currently unrated

Key Information:

Vendor
Checkpoint
Status
Vendor
CVE Published:
24 April 2007

Summary

The IOCTL handling in the srescan.sys component of the Check Point ZoneAlarm Spyware Removal Engine before version 5.0.156.0 permits local users to gain unauthorized access and execute arbitrary code by manipulating specific IOCTL lrp parameter addresses. This vulnerability can be exploited to escalate privileges, potentially allowing an attacker to bypass normal security measures and take control of the system.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.