Vulnerability Description
vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zonelabs | Zonealarm | <= 6.5.714.000 |
References
- http://osvdb.org/35239
- http://securityreason.com/securityalert/2591
- http://www.matousec.com/info/advisories/ZoneAlarm-Multiple-insufficient-argumentPatchVendor Advisory
- http://www.securityfocus.com/archive/1/465868/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33664
- http://osvdb.org/35239
- http://securityreason.com/securityalert/2591
- http://www.matousec.com/info/advisories/ZoneAlarm-Multiple-insufficient-argumentPatchVendor Advisory
- http://www.securityfocus.com/archive/1/465868/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33664
FAQ
What is CVE-2007-2083?
CVE-2007-2083 is a vulnerability with a CVSS score of 6.9 (MEDIUM). vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a den...
How severe is CVE-2007-2083?
CVE-2007-2083 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2083?
Check the references section above for vendor advisories and patch information. Affected products include: Zonelabs Zonealarm.