The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka "Device Driver Attack").
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0070.html | Exploit Vendor Advisory |
http://sec-labs.hack.pl/advisories/seclabs-adv-zone-alarm-04-08-2003.txt | |
http://sec-labs.hack.pl/papers/win32ddc.php | |
http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html | |
http://www.securityfocus.com/bid/8342 | Vendor Advisory |
http://www.osvdb.org/2375 | Patch Vendor Advisory |
http://www.osvdb.org/4362 | Patch Vendor Advisory |
http://secunia.com/advisories/9459 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/12824 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2003-12-30 21:00
Updated : 2017-07-28 18:29
NVD link : CVE-2003-1309
Mitre link : CVE-2003-1309
JSON object : View
CWE
Products Affected
zonelabs
- zonealarm