Vulnerabilities > CVE-2007-2174 - Local Privilege Escalation vulnerability in Checkpoint Zonealarm 5.0.63.0

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

checkpoint

NVD

Published: 2007-04-24

Updated: 2018-10-16

Summary

The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses.

Vulnerable Configurations

Part	Description	Count
Application	Checkpoint Checkpoint Zonealarm - Checkpoint Zonealarm 5.0.63.0	2

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=517
http://secunia.com/advisories/24986
http://www.securityfocus.com/archive/1/466656/100/0/threaded
http://www.securityfocus.com/bid/23579
http://www.securitytracker.com/id?1017948
http://www.securitytracker.com/id?1017953
http://www.vupen.com/english/advisories/2007/1491
https://exchange.xforce.ibmcloud.com/vulnerabilities/33786