7.2

CVE-2007-2174

The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CheckpointZonealarm Version <= 5.0.63.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.41% 0.326
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=517
Vendor Advisory
http://secunia.com/advisories/24986
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/466656/100/0/threaded
http://www.securityfocus.com/bid/23579
http://www.securitytracker.com/id?1017948
http://www.securitytracker.com/id?1017953
http://www.vupen.com/english/advisories/2007/1491
https://exchange.xforce.ibmcloud.com/vulnerabilities/33786