|
|
Family: Firewalls --> Category: infos
ZoneAlarm Local Privilege Escalation Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks version of ZoneAlarm
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote Windows application is prone to a local privilege
escalation issue.
Description :
The remote host is running ZoneAlarm, a firewall for Windows.
The TrueVector service associated with the version of ZoneAlarm
installed on the remote host loads as part of its startup several
necessary DLLs without specifying their pathnames. A possible hacker with
local access can exploit this flaw to execute arbitrary programs on
the affected host with LOCAL SYSTEM rights.
See also :
http://www.securityfocus.com/archive/1/427122/30/0/threaded
http://download.zonelabs.com/bin/free/securityAlert/51.html
Solution :
Upgrade to ZoneAlarm build 6.1.744.001 or later.
Threat Level:
Medium / CVSS Base Score : 5.6
(AV:L/AC:H/Au:NR/C:C/I:C/A:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
