Local Process Identifier Bypass in Check Point ZoneAlarm Pro
CVE-2007-2730

Currently unrated

Key Information:

Vendor: Checkpoint
CVE Published: 16 May 2007

Summary

A flaw in Check Point ZoneAlarm Pro up to version 6.5.737.000 allows local users to abuse certain Microsoft Windows API functions. The vulnerability arises from insufficient validation of process identifiers in the NT kernel for Windows versions 5.0 and higher. An attacker can modify a process identifier to be slightly greater than the legitimate one, circumventing established firewall rules and potentially gaining elevated privileges on the system.
