Privilege Escalation in Check Point Zone Labs ZoneAlarm
CVE-2007-4216

Currently unrated

Key Information:

Vendor: Checkpoint
Status: Zonealarm
Vendor: CVE Published:; 21 August 2007

Summary

The vsdatant.sys component in Check Point's Zone Labs ZoneAlarm, specifically versions before 7.0.362, is susceptible to a privilege escalation vulnerability. By exploiting crafted Interrupt Request Packets (IRPs) using METHOD_NEITHER IOCTL requests (0x8400000F or 0x84000013), an attacker can overwrite arbitrary memory locations, leading to unauthorized privilege escalation for local users.

References

http://secunia.com/advisories/26513

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/36107

vdb-entryx_refsource_XF

http://www.vupen.com/english/advisories/2007/2929

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Aug 21, 2007
Vulnerability Reserved
Aug 8, 2007