PT-2007-5409 · Check Point Zone · Zonealarm

Published

2007-08-21

Updated

2018-10-15

CVE-2007-4216

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Check Point Zone Labs ZoneAlarm version 6.5.737.0

Description The issue allows local users to gain privileges by sending a crafted Interrupt Request Packet (Irp) in a METHOD NEITHER IOCTL request. This can be achieved through either IOCTL 0x8400000F or IOCTL 0x84000013, allowing the overwrite of arbitrary memory locations.

Recommendations For version 6.5.737.0, update to version 7.0.362 or later to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2007-4216

Affected Products

Zonealarm

PT-2007-5409 · Check Point Zone · Zonealarm

CVE-2007-4216

Weakness Enumeration

Related Identifiers

Affected Products

References · 10