CVE-2007-4216

2007-08-2117:17:00

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

High

EPSS

Percentile

5.1%

JSON

vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in a METHOD_NEITHER (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations.

Affected configurations

Nvd

Node

checkpointzonealarmRange≤7.0.337.0

checkpointzonealarmMatch5.0.63.0

checkpointzonealarmMatch6.1.744.001

VendorProductVersionCPE
checkpointzonealarm*cpe:2.3:a:checkpoint:zonealarm:*:*:*:*:*:*:*:*
checkpointzonealarm5.0.63.0cpe:2.3:a:checkpoint:zonealarm:5.0.63.0:*:*:*:*:*:*:*
checkpointzonealarm6.1.744.001cpe:2.3:a:checkpoint:zonealarm:6.1.744.001:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
checkpoint	zonealarm	*	cpe:2.3:a:checkpoint:zonealarm::::::::
checkpoint	zonealarm	5.0.63.0	cpe:2.3:a:checkpoint:zonealarm:5.0.63.0:::::::*
checkpoint	zonealarm	6.1.744.001	cpe:2.3:a:checkpoint:zonealarm:6.1.744.001:::::::*