
Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.


Zone Labs Product Range - Local hacker automatic control

Version: Various
Technical Details:

Two separate issues have been identified in the ZoneAlarm family of products. The first is an insecure default file ACL that allows a local unprivileged user to escalate privileges and take control of the system. The second is a failure to adequately validate input parameters in the IOCTL handling code of the vsdatant.sys driver, which leads to arbitrary code execution at the kernel level.


iDefense have provided detailed reporting on two issues affecting the Zone Labs ZoneAlarm family of antimalware and protective security software. Both issues can allow a local unprivileged user to take complete control over the local system as a result of poor default permissions and the poor handling of user input passed to certain supplied drivers.


Zone Labs have updated their products to version 7.0.362 to address these vulnerabilities. Users and administrators should consider updating to this latest version.
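
A defender's check for the first issue (weak default file ACLs), added here as an example and not part of the original advisory: it parses `icacls` output and reports allow entries that give broadly held groups write-class rights. The install path and sample output are constructed, since the advisory does not name the affected files.

```python
import re

# Principals that every local unprivileged user belongs to.
LOW_PRIV = ("Everyone", r"BUILTIN\Users", r"NT AUTHORITY\Authenticated Users",
            r"NT AUTHORITY\INTERACTIVE")
# icacls simple and specific rights that allow changing a file or its ACL.
WRITE_RIGHTS = {"F", "M", "W", "D", "GA", "GW", "WD", "AD", "DC", "DE",
                "WDAC", "WO", "WA", "WEA"}
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}
ACE_RE = re.compile(r"^(?P<head>.*?):(?P<groups>(?:\([A-Za-z_,]+\))+)\s*$")

def writable_by_unprivileged(icacls_text):
    """Return (path, principal, rights) for allow-ACEs that grant write access."""
    findings, first = [], ""
    for line in icacls_text.splitlines():
        if not line.strip() or line.startswith("Successfully processed"):
            continue
        indented = line[0].isspace()
        if not indented:
            first = line                  # first line of an object: "<path> <ACE>"
        m = ACE_RE.match(line)
        if not m:
            continue
        head = m.group("head")
        who = next((p for p in LOW_PRIV if head.endswith(p)), None)
        tokens = set(re.findall(r"[A-Za-z_]+", m.group("groups")))
        rights = (tokens - INHERIT_FLAGS) & WRITE_RIGHTS
        if who is None or "DENY" in tokens or not rights:
            continue
        if indented:   # continuation lines are indented to the width of "<path> "
            path = first[:len(line) - len(line.lstrip())].rstrip()
        else:
            path = head[:-len(who)].rstrip()
        findings.append((path, who, sorted(rights)))
    return findings

# Constructed sample in icacls output format; the install path is hypothetical.
_BASE = r"C:\Program Files\ExampleAV"
def _obj(path, *aces):
    pad = " " * (len(path) + 1)
    return [f"{path} {aces[0]}"] + [pad + a for a in aces[1:]] + [""]
SAMPLE = "\n".join(
    _obj(_BASE + r"\svc.exe", r"NT AUTHORITY\SYSTEM:(I)(F)", r"BUILTIN\Users:(I)(F)")
    + _obj(_BASE + r"\data", "Everyone:(OI)(CI)(RX,W)", r"BUILTIN\Administrators:(F)")
    + _obj(_BASE + r"\driver.sys", r"BUILTIN\Administrators:(F)", r"BUILTIN\Users:(RX)",
           "Everyone:(DENY)(W)")
    + ["Successfully processed 3 files; Failed processing 0 files"])

if __name__ == "__main__":
    print(*writable_by_unprivileged(SAMPLE), sep="\n")
```

To audit a real installation, capture `icacls "<install dir>" /T` to a file and pass its contents to `writable_by_unprivileged`.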




External Tracking Data:

CVE ID: CVE-2005-2932
CVE ID: CVE-2007-4216
