Check Point ZoneAlarm 8.8.1.110 Local Privilege Escalation

2019.01.17
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: CWE-264

# Exploit Title: Check Point ZoneAlarm Local Privilege Escalation # Date: 1/16/19 # Exploit Author: Chris Anastasio # Vendor Homepage: https://www.zonealarm.com/software/free-antivirus/ # Software Link: Vulnerable Versions included in repo # Version: ZoneAlarm Free Antivirus + Firewall version: 15.3.064.17729 Vsmon version: 15.3.58.17668 Driver version: 15.1.29.17237 Antivirus engine version: 8.8.1.110 Antivirus signature DAT file version: 1297458144 # Tested on: Windows 7/Windows 10 # Vendor Disclosure: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk142952 POC: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/46189.zip


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top