Local Process Identifier Bypass in Check Point ZoneAlarm Pro
CVE-2007-2730

Currently unrated

Key Information:

Vendor: Checkpoint
Status: Zonealarm; Comodo Firewall Pro; Comodo Personal Firewall
Vendor: CVE Published:; 16 May 2007

Summary

A flaw in Check Point ZoneAlarm Pro up to version 6.5.737.000 allows local users to exploit certain Microsoft Windows API functions improperly. The vulnerability arises from insufficient validation of process identifiers in the NT kernel for Windows versions 5.0 and higher. This allows an attacker to modify a process identifier to be just slightly greater than the legitimate one, thus circumventing established firewall rules and potentially gaining elevated privileges on the system.

References

http://securityreason.com/securityalert/2714

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/468643/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://osvdb.org/37383

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
May 16, 2007
Vulnerability Reserved
May 16, 2007