Detections
Analytics

ZoneAlarm VSMON.exe Local Privilege Escalation

medium Nessus Plugin ID 21165

Synopsis

The remote Windows application is prone to a local privilege escalation issue.

Description

The remote host is running ZoneAlarm, a firewall for Windows.

The TrueVector service associated with the version of ZoneAlarm installed on the remote host loads as part of its startup several necessary DLLs without specifying their pathnames. An attacker with local access can exploit this flaw to execute arbitrary programs on the affected host with LOCAL SYSTEM privileges.

Solution

Upgrade to ZoneAlarm build 6.1.744.001 or later.

See Also

https://www.securityfocus.com/archive/1/427122/30/0/threaded

http://download.zonelabs.com/bin/free/securityAlert/51.html

Plugin Details

Severity: Medium

ID: 21165

File Name: zone_alarm_priv_escalation.nasl

Version: 1.15

Type: local

Family: Firewalls

Published: 3/29/2006

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.2

Temporal Score: 4.6

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/8/2006

Reference Information

CVE: CVE-2006-1221

BID: 17037