Critical

CVE-2004-0309 - Unspecified vulnerability in Zonelabs Integrity/Zonealarm

Publication: 2004-11-23
Summary

Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote attackers to execute arbitrary code via a long RCPT TO argument.

Risk level (CVSS 10)

Critical

10.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Zonelabs Integrity 4.0
  • Zonelabs Zonealarm 4.0
  • Zonelabs Zonealarm 4.0
  • Zonelabs Zonealarm 4.0
  • Zonelabs Zonealarm 4.5