Vulnerability Description
Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (system crash) via a certain combination of these function calls with an HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VETFDDNT\Enum argument.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zonelabs | Zonealarm Security Suite | 6.1.737.000 |
References
- http://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-protection-of-regVendor Advisory
- http://www.securityfocus.com/archive/1/438970/100/0/threaded
- http://www.securityfocus.com/bid/18789
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27584
- http://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-protection-of-regVendor Advisory
- http://www.securityfocus.com/archive/1/438970/100/0/threaded
- http://www.securityfocus.com/bid/18789
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27584
FAQ
What is CVE-2006-3540?
CVE-2006-3540 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which...
How severe is CVE-2006-3540?
CVE-2006-3540 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3540?
Check the references section above for vendor advisories and patch information. Affected products include: Zonelabs Zonealarm Security Suite.