Zone Alarm Pro contains a flaw that may allow a local denial of service. The issue is due to Zone Alarm Pro setting the configuration file/folder permissions for %windir%\Internet Logs\* to Everyone:Full Control. This allows any local user to make changes to the Zone Alarm configuration file. While the changes to the configuration are not processed by the server, the changes to the file trigger its built-in protection against running with untrusted options, which causes the firewall to shut down.
According to the advisory, ZoneAlarm Pro contains a flaw that may allow a remote attacker to bypass the 'Mobile Code' filter. The 'Mobile Code' blocking feature filters malicious Web objects and any 'application/*' MIME type, but does not filter SSL content. A remote attacker could create a malicious SSL Web page and bypass the Mobile Code filter.
(Description Provided by CVE) : ZoneAlarm Pro 7.0.362.000 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreatePort and (2) NtDeleteFile kernel SSDT hooks, a partial regression of CVE-2007-2083.
(Description Provided by CVE) : ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE: the vendor was not able to reproduce the issue.
(Description Provided by CVE) : ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access.
(Description Provided by CVE) : Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
(Description Provided by CVE) : Untrusted search path vulnerability in the TrueVector service (VSMON.exe) in Zone Labs ZoneAlarm 6.x and Integrity does not search ZoneAlarm's own folders before other folders that are specified in a user's PATH, which might allow local users to execute code as SYSTEM by placing malicious DLLs into a folder that has insecure permissions, but is searched before ZoneAlarm's folder. NOTE: since this issue is dependent on the existence of a vulnerability in a separate product (weak permissions of executables or libraries, or the execution of malicious code), perhaps it should not be included in CVE.
Various ZoneAlarm products contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a trusted web browser is used to execute the ShowHTMLDialog() function. Malware can then create a modal dialog box to display HTML, and redirect the victim to the attacker's web site.
A remote overflow exists in ZoneAlarm. The 'vsmon.exe' program fails to perform proper bounds checking resulting in a buffer overflow. By specifying an overly long argument in the RCPT TO command, a remote attacker can cause arbitrary code execution with SYSTEM privileges resulting in a loss of integrity.
Zone Alarm contains a flaw in Email Protection that may allow a malicious user to bypass the email attachment filename filter. The issue is triggered when foreign characters or parens are used in filenames (c - č, s - š, z - ž). The attachment will not be quarantined. It is possible that the flaw may allow a remote attacker to bypass ZoneAlarm and send arbitrary malware in an email attachment, resulting in a loss of integrity.
(Description Provided by CVE) : The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 126.96.36.199 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses.
(Description Provided by CVE) : TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe running, allows remote HTTP proxies to cause a denial of service (crash) and disable the HIDS module via a crafted response.
ZoneAlarm contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when two specially crafted requests are created using the DeviceIoControl function from the vsdatant.sys driver. This flaw may lead to a loss of integrity.
A remote overflow exists in the ZoneAlarm Vet Antivirus engine. ZoneAlarm fails to validate the project name length in VBA directories, resulting in an integer overflow. With a specially crafted request, an attacker can cause a heap-based buffer overflow and gain elevated privileges, resulting in a loss of integrity.
(Description Provided by CVE) : Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (system crash) via a certain combination of these function calls with an HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VETFDDNT\Enum argument.
(Description Provided by CVE) : vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions.
(Description Provided by CVE) : vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in a METHOD_NEITHER (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations.
(Description Provided by CVE) : vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort function is a valid memory address, which allows local users to cause a denial of service (system crash) when ZoneAlarm attempts to dereference an invalid pointer.
ZoneCheck contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'ns' parameter upon submission to the 'zc.cgi' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in zc/publisher/html.rb in ZoneCheck 2.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) xmlnode.value, (2) zc-error text, (3) $zc_version, (4) domainname in a zc-title row, different vulnerabilities than CVE-2009-4882.
ZoneMinder contains a flaw in the index.php script that is triggered when user-supplied input used in the /includes/actions.php file is passed from the 'runState' parameter to the packageControl($command) function and from the 'key' and 'command' parameters to the setDeviceStatusX10($key, $status) function. This is also triggered when the packageControl($command) and setDeviceStatusX10($key, $status) functions in /includes/functions.php call exec() with user-supplied input. This may allow a remote attacker to execute arbitrary commands.
ZoneMinder contains a flaw that allows an attacker to traverse outside of a restricted path. The issue is due to the index.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'view', 'request', and 'action' parameters. This directory traversal attack would allow a remote attacker to access arbitrary files.
By default, ZoneMinder installs with default user credentials (username/password combination). The 'zmuser' account has a password of 'zmpass' and the 'admin' account has a password of 'admin', both of which are publicly known and documented. This allows remote attackers to trivially access the program or system and gain privileged access.
(Description Provided by CVE) : ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL.
ZoneMinder contains a flaw that may allow a malicious user to modify the /etc/zm.conf file. The issue is triggered when an attacker exploits a vulnerability in the Apache web server through either a PHP or a CGI script. It is possible that the flaw may allow modification of /etc/zm.conf resulting in a loss of integrity.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.