3.7.211

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

zonelabs

critical

NVD

Published: 2003-12-31

Updated: 2017-07-29

Summary

The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka "Device Driver Attack").

Vulnerable Configurations

Part	Description	Count
Application	Zonelabs Zonelabs Zonealarm 3.7.202 Zonelabs Zonealarm 3.7.211	3

References

http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0070.html
http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html
http://sec-labs.hack.pl/advisories/seclabs-adv-zone-alarm-04-08-2003.txt
http://sec-labs.hack.pl/papers/win32ddc.php
http://secunia.com/advisories/9459
http://www.osvdb.org/2375
http://www.osvdb.org/4362
http://www.securityfocus.com/bid/8342
https://exchange.xforce.ibmcloud.com/vulnerabilities/12824