Description
A vulnerability was found in multiple Check Point Zone Alarm products, which
can be exploited by malicious, local users to gain escalated
privileges. The problem specifically exists within the IOCTL
handling code in the srescan.sys device driver. The device driver
fails to validate user-land supplied addresses passed to IOCTL
0x22208F and IOCTL 0x2220CF, which can be exploited to overwrite
arbitrary memory and execute code with kernel privileges.
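Decoding the two IOCTL codes named above shows why the driver has to validate caller-supplied addresses itself. This is an added example, not code from the advisory or from Check Point. The 0x7FFF0000 user-address limit is an assumed 32-bit default, and `user_range_ok` is a hypothetical user-space model of the range check that a real driver performs with ProbeForRead/ProbeForWrite.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of a Windows I/O control code, following the CTL_CODE layout. */
typedef struct {
    uint32_t device_type; /* bits 31..16 */
    uint32_t access;      /* bits 15..14 */
    uint32_t function;    /* bits 13..2  */
    uint32_t method;      /* bits 1..0   */
} ioctl_fields;

#define XFER_METHOD_NEITHER 3u          /* same value as METHOD_NEITHER */
#define ASSUMED_USER_LIMIT  0x7FFF0000u /* assumption: default 32-bit user/kernel split */

static ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device_type = code >> 16;
    f.access      = (code >> 14) & 0x3u;
    f.function    = (code >> 2) & 0xFFFu;
    f.method      = code & 0x3u;
    return f;
}

/* METHOD_NEITHER: the I/O manager passes the caller's raw pointers through,
   so the driver alone is responsible for checking them. */
static int driver_must_validate(uint32_t code) {
    return decode_ioctl(code).method == XFER_METHOD_NEITHER;
}

/* Hypothetical user-space model of the missing check: the whole range
   [addr, addr+len) must stay below the user/kernel boundary. */
static int user_range_ok(uint32_t addr, uint32_t len) {
    uint64_t end = (uint64_t)addr + len; /* 64-bit sum cannot wrap */
    return len == 0 || end <= ASSUMED_USER_LIMIT;
}

int main(void) {
    const uint32_t codes[] = { 0x22208Fu, 0x2220CFu }; /* from the advisory */
    for (size_t i = 0; i < 2; i++) {
        ioctl_fields f = decode_ioctl(codes[i]);
        printf("0x%06X: device=0x%X function=0x%X access=%u method=%u validate=%d\n",
               (unsigned)codes[i], (unsigned)f.device_type, (unsigned)f.function,
               (unsigned)f.access, (unsigned)f.method, driver_must_validate(codes[i]));
    }
    printf("user buffer ok=%d, kernel address ok=%d\n",
           user_range_ok(0x00400000u, 0x100u), user_range_ok(0x80001000u, 4u));
    return 0;
}
```

Both codes decode to device type 0x22 with transfer method 3 (METHOD_NEITHER) and access 0 (FILE_ANY_ACCESS), the combination in which pointer validation is left entirely to the driver.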
Product affected
The vulnerabilities are reported in SRESCAN.SYS version
5.0.63.0 included in the free version of ZoneAlarm.
All other products within the Zone Alarm product
line are suspected to be vulnerable. Previous versions
may also be affected.
Solution
Update to version 5.0.156.0 or higher of the ZoneAlarm
Spyware Removal Engine (current deployed version is 5.0.162.0).
http://www.zonealarm.com/store/content/catalog/download_buy.jsp?dc=12bms&ctry=US&lang=en
Suggested deployment tools:
Patch Management System: Shavlik's HFNetChkPro, Patchlink's PatchLink Update, Altiris (Now Part of Symantec)
Source
iDefense Labs