7.2
CVE-2007-4216
- EPSS 0.37%
- Veröffentlicht 21.08.2007 17:17:00
- Zuletzt bearbeitet 16.06.2026 22:43:36
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in a METHOD_NEITHER (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Checkpoint ≫ Zonealarm Version <= 7.0.337.0
Checkpoint ≫ Zonealarm Version5.0.63.0
Checkpoint ≫ Zonealarm Version6.1.744.001
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.283 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/26513
http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=53
http://www.securityfocus.com/bid/25365
http://www.securityfocus.com/bid/25377
http://www.vupen.com/english/advisories/2007/2929
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=585
http://securitytracker.com/id?1018589
http://www.securityfocus.com/archive/1/477155/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/36107