Computer Security

CVE-2007-2083
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2007-2083
StatusCandidate
Descriptionvsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions.
SeverityMedium
CVSS score5,6
CVSS vector(AV:L/AC:H/Au:NR/C:C/I:C/A:C/B:N)
PhaseAssigned (17.04.2007)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2083
ReferencesBUGTRAQ : 20070415 ZoneAlarm Multiple insufficient argument validation of hooked SSDT function Vulnerability
 MISC : http://www.matousec.com/info/advisories/ZoneAlarm-...
 XF : zonealarm-vsdatant-dos(33664)
SecurityVulns:ZoneAlarm personal firewall multiple security vulnerabilities
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod
 


Rating@Mail.ru