CVE-2003-1309
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.6 Medium
AI Score
Confidence
High
0.013 Low
EPSS
Percentile
85.9%
The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka “Device Driver Attack”).
Affected configurations
References
archives.neohapsis.com/archives/vulnwatch/2003-q3/0070.html
download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html
sec-labs.hack.pl/advisories/seclabs-adv-zone-alarm-04-08-2003.txt
sec-labs.hack.pl/papers/win32ddc.php
secunia.com/advisories/9459
www.osvdb.org/2375
www.osvdb.org/4362
www.securityfocus.com/bid/8342
exchange.xforce.ibmcloud.com/vulnerabilities/12824
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.6 Medium
AI Score
Confidence
High
0.013 Low
EPSS
Percentile
85.9%