Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-7009Improper Restriction of Operations within the Bounds of a Memory Buffer in Checkpoint Zonealarm

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
6.9MEDIUMNVD
EPSS
0.2%
top 55.03%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Checkpoint Zonealarm
Timeline
PublishedAug 19
Latest updateMay 14

Description

Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or directory with a long path. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

NVDcheckpoint/zonealarm7.0.483.000, 8.0.020.000+1

🔴Vulnerability Details

2
GHSA
GHSA-c2fw-x5gx-3qxr: Buffer overflow in multiscan2022-05-14
CVEList
CVE-2008-7009: Buffer overflow in multiscan2009-08-19

💥Exploits & PoCs

1
Exploit-DB
ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow (PoC)2008-09-11
CVE-2008-7009 — Checkpoint Zonealarm vulnerability | cvebase