CVE-2007-2083

EPSS 0.18%
Published 18.04.2007 03:19:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions.

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Zonelabs ≫ Zonealarm Editionpro Version <= 6.5.714.000

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.361

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

http://osvdb.org/35239

http://securityreason.com/securityalert/2591

http://www.matousec.com/info/advisories/ZoneAlarm-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php

Patch

Vendor Advisory

http://www.securityfocus.com/archive/1/465868/100/0/threaded

https://exchange.xforce.ibmcloud.com/vulnerabilities/33664

https://nvd.nist.gov/vuln/detail/CVE-2007-2083

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-2083

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-2083

EUVD