CVE-2007-2174
Summary
| CVE | CVE-2007-2174 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-04-24 16:19:00 UTC |
| Updated | 2018-10-16 16:42:00 UTC |
| Description | The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Checkpoint | Zonealarm | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Check Point Zone Alarm Srescan.SYS Multiple Local Privilege Escalation Vulnerabilities | BID | www.securityfocus.com | |
| ZoneAlarm 'srescan.sys' Driver Lets Local Users Gain System Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | |
| ZoneAlarm Products SRESCAN.SYS IOCTL Handler Privilege Escalation - Advisories - Secunia | SECUNIA | secunia.com | Patch, Vendor Advisory |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Sun Cluster Remote USCSICMD IOCTL Processing Bug Lets Remote Authenticated Users Deny Service - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| 20070420 Check Point Zone Labs SRESCAN IOCTL Local Privilege Escalation Vulnerability | IDEFENSE | labs.idefense.com | Vendor Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.