2.0.2

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

watchguard

NVD

Published: 2003-08-27

Updated: 2017-07-11

Summary

WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local users to load arbitrary modules via the OpenProcess() function, as demonstrated using (1) a DLL injection attack, (2) ZwSetSystemInformation, and (3) API hooking in OpenProcess.

Vulnerable Configurations

Part	Description	Count
Application	Watchguard Watchguard Serverlock 2.0 Watchguard Serverlock 2.0.1 Watchguard Serverlock 2.0.2	3

References

http://marc.info/?l=bugtraq&m=105848106631132&w=2
http://secunia.com/advisories/9310
http://www.osvdb.org/6578
http://www.securityfocus.com/bid/8222
https://exchange.xforce.ibmcloud.com/vulnerabilities/12665