Local Process Identifier Bypass in Check Point ZoneAlarm Pro
CVE-2007-2730
Currently unrated
Summary
A flaw in Check Point ZoneAlarm Pro up to version 6.5.737.000 allows local users to misuse certain Microsoft Windows API functions. The vulnerability arises from insufficient validation of process identifiers in the NT kernel for Windows versions 5.0 and higher. An attacker can modify a process identifier to be just slightly greater than the legitimate one, thereby circumventing established firewall rules and potentially gaining elevated privileges on the system.
References
Timeline
Vulnerability published
Vulnerability Reserved