ZoneAlarm VSdatant Driver Denial of Service Vulnerability
BID:23734
Info
| Bugtraq ID: | 23734 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-2467 |
| Remote: | No |
| Local: | Yes |
| Published: | May 01 2007 12:00AM |
| Updated: | May 07 2015 05:39PM |
| Credit: | Matousec reported this issue. |
| Vulnerable: | Zone Labs ZoneAlarm Pro 6.5.737.000, Zone Labs ZoneAlarm Pro 6.1.744.001 |
| Not Vulnerable: | Zone Labs ZoneAlarm Pro 7.0.302.000 |
Discussion
ZoneAlarm is prone to a local denial-of-service vulnerability because the application fails to validate its input buffer.
An attacker may exploit this issue to crash affected computers, denying service to legitimate users. Arbitrary code execution may be possible, but this has not been confirmed.
ZoneAlarm Pro 6.5.737.000 and 6.1.744.001 are prone to this issue; other versions may be affected as well.
Exploit / POC
The following exploit code is available:
Solution / Fix
Solution:
The reporter of this issue states that version 7.0.302.000 is not vulnerable and that all 7.x versions may not be affected by this issue. Symantec has not confirmed this.
References
References:
- Zone Labs Homepage (Zone Labs)
- ZoneAlarm Insufficient validation of 'vsdatant' driver input buffer Vulnerabilit (Matousec)
- ZoneAlarm Insufficient validation of 'vsdatant' driver input buffer Vulnerabilit (Matousec - Transparent security Research)