|
ZoneAlarm TrueVector Device Driver Privilege Escalation
|
|
Secunia Advisory:
|
SA9459
|
|
|
Release Date:
|
2003-08-06
|
|
Last Update:
|
2003-08-07
|
|
Popularity:
|
43,259 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Privilege escalation
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Zone Labs Integrity 2.x
Zone Labs Integrity 3.x
Zone Labs Integrity 4.x
ZoneAlarm 3.x
ZoneAlarm 4.x
ZoneAlarm Plus 4.x
ZoneAlarm Pro 2.x
ZoneAlarm Pro 3.x
ZoneAlarm Pro 4.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
A vulnerability has been reported in Zonealarm, which can be exploited by malicious, local users to escalate their privileges on a vulnerable system or cause it to crash.
The vulnerability is caused due to an error in the TrueVector Device Driver ("vsdatant.sys"). This can be exploited by sending two specially crafted control codes using the "DeviceIoControl()" function, which request the device driver to perform certain operations.
The first control code will supply specially crafted input to the requested operation via the "lpInBuffer", which then returns output to the memory location specified by the "lpOutBuffer". The memory contents in this location can then be changed to include arbitrary shellcode. Afterwards, the second control code can manipulate the drivers return address making it jump to the memory location previously specified by the "lpOutBuffer".
Successful exploitation either crashes the system or allows execution of arbitrary code with Kernel Mode (Ring 0) privileges.
The vulnerability was originally reported in version 3.1. However, Secunia has received notice from Zone Labs, which indicates that all current versions of ZoneAlarm are affected.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
