Vulnerability Description
The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka "Device Driver Attack").
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zonelabs | Zonealarm | 3.7.202 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0070.htmlExploitVendor Advisory
- http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html
- http://sec-labs.hack.pl/advisories/seclabs-adv-zone-alarm-04-08-2003.txt
- http://sec-labs.hack.pl/papers/win32ddc.php
- http://secunia.com/advisories/9459PatchVendor Advisory
- http://www.osvdb.org/2375PatchVendor Advisory
- http://www.osvdb.org/4362PatchVendor Advisory
- http://www.securityfocus.com/bid/8342Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12824
- http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0070.htmlExploitVendor Advisory
- http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html
- http://sec-labs.hack.pl/advisories/seclabs-adv-zone-alarm-04-08-2003.txt
- http://sec-labs.hack.pl/papers/win32ddc.php
- http://secunia.com/advisories/9459PatchVendor Advisory
- http://www.osvdb.org/2375PatchVendor Advisory
FAQ
What is CVE-2003-1309?
CVE-2003-1309 is a vulnerability with a CVSS score of 10.0 (HIGH). The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certa...
How severe is CVE-2003-1309?
CVE-2003-1309 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1309?
Check the references section above for vendor advisories and patch information. Affected products include: Zonelabs Zonealarm.