CVE-2007-2174 — Checkpoint Zonealarm vulnerability

3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 78.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Checkpoint Zonealarm

Timeline

PublishedApr 24

Latest updateMay 1

Description

The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDcheckpoint/zonealarm5.0.63.0

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-r482-54vx-vgj4: The IOCTL handling in srescan↗2022-05-01

▶

CVEList

CVE-2007-2174: The IOCTL handling in srescan↗2007-04-24

▶