CVE-2007-2083

EPSS 0.18%
Veröffentlicht 18.04.2007 03:19:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zonelabs ≫ Zonealarm Editionpro Version <= 6.5.714.000

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.361

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

http://osvdb.org/35239

http://securityreason.com/securityalert/2591

http://www.matousec.com/info/advisories/ZoneAlarm-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php

Patch

Vendor Advisory

http://www.securityfocus.com/archive/1/465868/100/0/threaded

https://exchange.xforce.ibmcloud.com/vulnerabilities/33664

https://nvd.nist.gov/vuln/detail/CVE-2007-2083

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-2083

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-2083

EUVD