Zone Labs ZoneAlarm Security Suite Local Privilege Escalation Vulnerability
BID:17037
Info
Zone Labs ZoneAlarm Security Suite Local Privilege Escalation Vulnerability
| Bugtraq ID: | 17037 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 08 2006 12:00AM |
| Updated: | Mar 10 2006 03:35PM |
| Credit: | Discovery is credited to Reed Arvin <[email protected]> |
| Vulnerable: |
Zone Labs ZoneAlarm Security Suite 6.1.744 .000 Zone Labs ZoneAlarm 6.0 |
| Not Vulnerable: | |
Discussion
Zone Labs ZoneAlarm Security Suite Local Privilege Escalation Vulnerability
Zone Labs ZoneAlarm Security Suite is prone to a local privilege escalation vulnerability. This issue is due to the failure of the application to properly specify the full path of DLLs.
This vulnerability allows local attackers to execute arbitrary malicious code with SYSTEM level privileges, facilitating the complete compromise of affected computers.
ZoneAlarm Security Suite version 6.1.744.000 is vulnerable to this issue; other versions may also be affected.
Zone Labs ZoneAlarm Security Suite is prone to a local privilege escalation vulnerability. This issue is due to the failure of the application to properly specify the full path of DLLs.
This vulnerability allows local attackers to execute arbitrary malicious code with SYSTEM level privileges, facilitating the complete compromise of affected computers.
ZoneAlarm Security Suite version 6.1.744.000 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
Zone Labs ZoneAlarm Security Suite Local Privilege Escalation Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
Zone Labs ZoneAlarm Security Suite Local Privilege Escalation Vulnerability
Solution:
The vendor has confirmed this vulnerability. Fixes are being developed and will be released in the near future. Please see references for more information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] mailto:[email protected]:[email protected].
Solution:
The vendor has confirmed this vulnerability. Fixes are being developed and will be released in the near future. Please see references for more information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] mailto:[email protected]:[email protected].
References
Zone Labs ZoneAlarm Security Suite Local Privilege Escalation Vulnerability
References:
References:
- Zone Labs Homepage (Zone Labs)
- 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.7 ("Reed Arvin"
) - Statement Regarding Reported Local Escalation of Privileges Vulnerability for Zo ("Zone Labs Product Security"