cbcvebase.

Zonelabs Zonealarm vulnerabilities

17 known vulnerabilities affecting zonelabs/zonealarm.

Total CVEs
17
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH4MEDIUM8LOW3

Vulnerabilities

Page 1 of 1
CVE-2005-3560P3HIGHCVSS 7.5PoCv6.02005-11-16
CVE-2005-3560 [HIGH] CVE-2005-3560: Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite 6.0, (3) ZoneAlarm Anti-Virus Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite 6.0, (3) ZoneAlarm Anti-Virus 6.0, (4) ZoneAlarm Anti-Spyware 6.0 through 6.1, and (5) ZoneAlarm 6.0 allow remote attackers to bypass the "Advanced Program Control and OS Firewall filters" setting via URLs in "HTML Modal Dialogs" (window.location.href) contained within JavaScript tags.
nvd
CVE-2000-0339P4HIGHCVSS 7.5PoC≤ 2.2.102000-04-24
CVE-2000-0339 [HIGH] CVE-2000-0339: ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source port of 67, which allows remo ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source port of 67, which allows remote attackers to bypass the firewall rules.
nvd
CVE-2007-2083P4MEDIUMCVSS 6.9PoC≤ 6.5.714.0002007-04-18
CVE-2007-2083 [MEDIUM] CVE-2007-2083: vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arg vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions.
nvd
CVE-2004-0309P3CRITICALCVSS 10.0v4.0v4.52004-11-23
CVE-2004-0309 [CRITICAL] CVE-2004-0309: Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4 Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote attackers to execute arbitrary code via a long RCPT TO argument.
nvd
CVE-2002-1911P4MEDIUMCVSS 5.0PoCv3.0v3.12002-12-31
CVE-2002-1911 [MEDIUM] CVE-2002-1911: ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE: the vendor was not able to reproduce the issue.
nvd
CVE-2003-1309P4CRITICALCVSS 10.0v3.7.202v3.7.2112003-12-31
CVE-2003-1309 [CRITICAL] CVE-2003-1309: The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka "Device Driver Attack").
nvd
CVE-2002-1997P4HIGHCVSS 7.5v3.02002-12-31
CVE-2002-1997 [HIGH] CVE-2002-1997: ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering and possibly execute arbitrar ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering and possibly execute arbitrary code via email attachments containing a trailing dot after the file extension.
nvd
CVE-2004-1936P4HIGHCVSS 7.5v2.4v2.6+5 more2004-04-14
CVE-2004-1936 [HIGH] CVE-2004-1936: ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote attackers to bypass e-mail prote ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote attackers to bypass e-mail protection via attachments whose names contain certain non-English characters.
nvd
CVE-2004-0612P4MEDIUMCVSS 5.1v5.0.590.0152004-12-06
CVE-2004-0612 [MEDIUM] CVE-2004-0612: The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mobile code within an SSL encryp The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mobile code within an SSL encrypted session, which could allow remote attackers to bypass the mobile code filtering. NOTE: it has been disputed by the vendor that this behavior is required by the SSL specification.
nvd
CVE-2007-5044P4MEDIUMCVSS 6.9v7.0.362.0002007-09-24
CVE-2007-5044 [MEDIUM] CVE-2007-5044: ZoneAlarm Pro 7.0.362.000 does not properly validate certain parameters to System Service Descriptor ZoneAlarm Pro 7.0.362.000 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreatePort and (2) NtDeleteFile kernel SSDT hooks, a partial regression of CVE-2007-2083.
nvd
CVE-2001-1373P4MEDIUMCVSS 5.0v2.1v2.2+4 more2001-07-18
CVE-2001-1373 [MEDIUM] CVE-2001-1373: MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 and 2.4 does not block prohibi MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 and 2.4 does not block prohibited file types with long file names, which allows remote attackers to send potentially dangerous attachments.
nvd
CVE-2004-1534P4MEDIUMCVSS 5.0v4.0v4.5+3 more2004-12-31
CVE-2004-1534 [MEDIUM] CVE-2004-1534: ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, allows remote web sites to cau ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, allows remote web sites to cause a denial of service (application instability or system hang) via certain JavaScript.
nvd
CVE-2007-2467P4MEDIUMCVSS 4.9v6.1.744.001v6.5.737.0002007-05-02
CVE-2007-2467 [MEDIUM] CVE-2007-2467: ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows loc ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access.
nvd
CVE-2000-0220P4MEDIUMCVSS 5.0v2.0.262000-02-24
CVE-2000-0220 [MEDIUM] CVE-2000-0220: ZoneAlarm sends sensitive system and network information in cleartext to the Zone Labs server if a u ZoneAlarm sends sensitive system and network information in cleartext to the Zone Labs server if a user requests more information about an event.
nvd
CVE-2001-1548P4LOWCVSS 2.1v2.1v2.2+4 more2001-12-31
CVE-2001-1548 [LOW] CVE-2001-1548: ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via n ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
nvd
CVE-2005-0114P4LOWCVSS 2.1v5.5.062.0112005-02-11
CVE-2005-0114 [LOW] CVE-2005-0114: vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort function is a valid memory address, which allows local users to cause a denial of service (system crash) when ZoneA
nvd
CVE-2004-2713P4LOWCVSS 1.9v1.02004-12-31
CVE-2004-2713 [LOW] CWE-264 CVE-2004-2713: Zone Alarm Pro 1.0 through 5.1 gives full access to %windir%\Internet Logs\* to the EVERYONE group, Zone Alarm Pro 1.0 through 5.1 gives full access to %windir%\Internet Logs\* to the EVERYONE group, which allows local users to cause a denial of service by modifying the folder contents or permissions. NOTE: this issue has been disputed by the vendor, who claims that it does not affect product functionality since the same information is also saved in a p
nvd
Zonelabs Zonealarm vulnerabilities | cvebase