PT-2019-19050 · Check Point · Zonealarm

Jakub Palaczynski

Publicado

2019-04-17

Atualizado

2019-04-23

CVE-2019-8453

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Check Point ZoneAlarm versions up to 15.4.062

Description The issue allows a local attacker to potentially cause Denial of Service to the client by replacing a DLL file with a malicious one, due to the DLLs being loaded from directories where all users have write permissions.

Recommendations For versions up to 15.4.062, consider restricting write permissions to the directories from which the DLLs are loaded to prevent a local attacker from replacing DLL files with malicious ones.

Correção

Untrusted Search Path

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-114CWE-426

Identificadores relacionados

CVE-2019-8453

Produtos afetados

Zonealarm

PT-2019-19050 · Check Point · Zonealarm

CVE-2019-8453

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4