Lucene search

Kaspersky LabKLA10412

HistoryApr 17, 2007 - 12:00 a.m.

KLA10412 ACE vulnerability in ZoneAlarm

2007-04-1700:00:00

Kaspersky Lab

threats.kaspersky.com

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Detect date:

04/17/2007

Severity:

High

Description:

A lack of argument validation was found in ZoneAlarm. By exploiting this vulnerability malicious users can cause denial of service or possibly execute arbitrary code. This vulnerability can be exploited locally via specially designed arguments.

Affected products:

ZoneAlarm Pro versions earlier than 7.0.302.000

Solution:

Update to latest version

Impacts:

ACE

Related products:

ZoneAlarm Pro

CVE-IDS:

CVE-2007-20836.9High

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2083

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/ZoneAlarm-Pro/

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for KLA10412