PT-2019-19050 · Check Point · Zonealarm

Jakub Palaczynski

Published

2019-04-17

Updated

2019-04-23

CVE-2019-8453

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Check Point ZoneAlarm versions up to 15.4.062

Description The issue allows a local attacker to potentially cause Denial of Service to the client by replacing a DLL file with a malicious one, due to the DLLs being loaded from directories where all users have write permissions.

Recommendations For versions up to 15.4.062, consider restricting write permissions to the directories from which the DLLs are loaded to prevent a local attacker from replacing DLL files with malicious ones.

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-114CWE-426

Related Identifiers

CVE-2019-8453

Affected Products

Zonealarm

PT-2019-19050 · Check Point · Zonealarm

CVE-2019-8453

Weakness Enumeration

Related Identifiers

Affected Products

References · 4