Local Code Execution Vulnerability in Check Point ZoneAlarm Spyware Removal Engine
CVE-2007-2174
Currently unrated
Summary
The IOCTL handling in the srescan.sys component of the Check Point ZoneAlarm Spyware Removal Engine before version 5.0.156.0 permits local users to gain unauthorized access and execute arbitrary code by manipulating specific IOCTL lrp parameter addresses. This vulnerability can be exploited to escalate privileges, potentially allowing an attacker to bypass normal security measures and take control of the system.
References
Timeline
Vulnerability published
Vulnerability Reserved