Lucene search

[email protected]CVE-2007-2174

HistoryApr 24, 2007 - 4:19 p.m.

CVE-2007-2174

2007-04-2416:19:00

[email protected]

web.nvd.nist.gov

ioctl handling

srescan.sys

zonealarm spyware removal engine

local users

arbitrary code

security vulnerability

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses.

Affected configurations

NVD

Node

checkpointzonealarmRange≤5.0.63.0

CPENameOperatorVersion
checkpoint:zonealarmcheckpoint zonealarmle5.0.63.0

CPE	Name	Operator	Version
checkpoint:zonealarm	checkpoint zonealarm	le	5.0.63.0

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=517

secunia.com/advisories/24986

www.securityfocus.com/archive/1/466656/100/0/threaded

www.securityfocus.com/bid/23579

www.securitytracker.com/id?1017948

www.securitytracker.com/id?1017953

www.vupen.com/english/advisories/2007/1491

exchange.xforce.ibmcloud.com/vulnerabilities/33786

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2007-2174

prion1 cvelist1 nvd1