CVE-2007-4216Improper Input Validation in Checkpoint Zonealarm

CWE-20Improper Input Validation3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 81.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Checkpoint Zonealarm
Timeline
PublishedAug 21
Latest updateMay 1

Description

vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in a METHOD_NEITHER (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDcheckpoint/zonealarm7.0.337.0+2

🔴Vulnerability Details

2
GHSA
GHSA-v9fc-pf23-42rf: vsdatant2022-05-01
CVEList
CVE-2007-4216: vsdatant2007-08-21
CVE-2007-4216 — Improper Input Validation in Checkpoint | cvebase