ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability
BID:23494
Info
ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability
| Bugtraq ID: | 23494 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2007-2083 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 15 2007 12:00AM |
| Updated: | Sep 18 2007 10:00PM |
| Credit: | Discovery is credited to David Matousek. |
| Vulnerable: |
Zone Labs ZoneAlarm Pro 6.5.737.000 Zone Labs ZoneAlarm Pro 6.1.744.001 |
| Not Vulnerable: |
Zone Labs ZoneAlarm Pro 7.0.302.000 |
Discussion
ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability
ZoneAlarm is prone to a local denial-of-service vulnerability.
This issue occurs when attackers supply invalid argument values to the 'vsdatant.sys' driver.
A local attacker may exploit this issue to crash affected computers, denying service to legitimate users.
ZoneAlarm Pro 6.5.737.000 and 6.1.744.001 are prone to this issue; other versions may be affected as well.
ZoneAlarm is prone to a local denial-of-service vulnerability.
This issue occurs when attackers supply invalid argument values to the 'vsdatant.sys' driver.
A local attacker may exploit this issue to crash affected computers, denying service to legitimate users.
ZoneAlarm Pro 6.5.737.000 and 6.1.744.001 are prone to this issue; other versions may be affected as well.
Exploit / POC
ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability
The following exploit code causes a denial-of-service condition:
The following exploit code causes a denial-of-service condition:
Solution / Fix
ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability
Solution:
The vendor released an update to address this issue. Please see the references for more information
Solution:
The vendor released an update to address this issue. Please see the references for more information
References
ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability
References:
References:
- Windows Personal Firewall Analysis (Matousec)
- Zone Labs Homepage (Zone Labs)
- ZoneAlarm Multiple insufficient argument validation of hooked SSDT function Vuln (Matousec Transparent Security)
- ZoneAlarm Multiple insufficient argument validation of hooked SSDT function Vuln (Matousec)
- Plague in (security) software drivers & BSDOhook utility (Matousec)
- ZoneAlarm Multiple insufficient argument validation of hooked SSDT function Vuln (Matousec - Transparent security Research)