ID

VAR-200908-0093


CVE

CVE-2008-7009


TITLE

Buffer overflow vulnerability in multiscan.exe of Check Point ZoneAlarm Security Suite

Trust: 0.8

sources: JVNDB: JVNDB-2009-003086

DESCRIPTION

Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or directory with a long path. NOTE: some of these details are obtained from third party information.

ZoneAlarm Security Suite is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input when performing virus scans on long directory paths. Remote attackers may leverage this issue to execute arbitrary code with SYSTEM-level privileges and gain complete access to the vulnerable computer. Failed attacks will cause denial-of-service conditions. This issue affects ZoneAlarm Security Suite 7.0.483.000; other versions may also be affected.

ZoneAlarm is a personal computer firewall that protects personal data and privacy.

----------------------------------------------------------------------

TITLE: ZoneAlarm Internet Security Suite "multiscan.exe" Buffer Overflow

SECUNIA ADVISORY ID: SA31832

VERIFY ADVISORY: http://secunia.com/advisories/31832/

CRITICAL: Less critical

IMPACT: System access

WHERE: From remote

SOFTWARE:
ZoneAlarm Internet Security Suite 8.x http://secunia.com/advisories/product/19816/
ZoneAlarm Internet Security Suite 7.x http://secunia.com/advisories/product/19815/

DESCRIPTION: Juan Pablo Lopez Yacubian has discovered a vulnerability in ZoneAlarm Internet Security Suite, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in multiscan.exe when processing input from files passed via the "-f" command line parameter. This can be exploited to cause a buffer overflow by e.g. tricking a user into scanning a file or directory with a specially crafted name via the "Scan with ZoneAlam Anti-virus" shell extension. Successful exploitation may allow the execution of arbitrary code. The vulnerability is confirmed in version 7.0.483.000 and 8.0.020.000.

SOLUTION: A solution is not available.

PROVIDED AND/OR DISCOVERED BY: Juan Pablo Lopez Yacubian

Trust: 2.07

sources: NVD: CVE-2008-7009 // JVNDB: JVNDB-2009-003086 // BID: 31124 // VULHUB: VHN-37134 // PACKETSTORM: 69915

AFFECTED PRODUCTS

vendor: checkpoint // model: zonealarm // scope: eq // version: 7.0.483.000

Trust: 1.6

vendor: checkpoint // model: zonealarm // scope: eq // version: 8.0.020.000

Trust: 1.6

vendor: check point // model: zonealarm // scope: eq // version: 7.0.483.000 and 8.0.020.000

Trust: 0.8

vendor: zone // model: labs zonealarm internet security suite // scope: eq // version: 7.0

Trust: 0.3

sources: BID: 31124 // JVNDB: JVNDB-2009-003086 // CNNVD: CNNVD-200908-264 // NVD: CVE-2008-7009

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-7009
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-7009
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200908-264
value: MEDIUM

Trust: 0.6

VULHUB: VHN-37134
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-7009
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-37134
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-37134 // JVNDB: JVNDB-2009-003086 // CNNVD: CNNVD-200908-264 // NVD: CVE-2008-7009

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-37134 // JVNDB: JVNDB-2009-003086 // NVD: CVE-2008-7009

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200908-264

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200908-264

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003086

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-37134

PATCH

title: Top Page // url: http://www.checkpoint.com/

Trust: 0.8

sources: JVNDB: JVNDB-2009-003086

EXTERNAL IDS

db: NVD // id: CVE-2008-7009

Trust: 2.8

db: BID // id: 31124

Trust: 2.0

db: SECUNIA // id: 31832

Trust: 1.8

db: OSVDB // id: 48097

Trust: 1.7

db: SECTRACK // id: 1020859

Trust: 1.7

db: VUPEN // id: ADV-2008-2556

Trust: 1.7

db: JVNDB // id: JVNDB-2009-003086

Trust: 0.8

db: XF // id: 45082

Trust: 0.6

db: BUGTRAQ // id: 20080911 ZONEALARM SECURITY SUITE BUFFER OVERFLOW

Trust: 0.6

db: CNNVD // id: CNNVD-200908-264

Trust: 0.6

db: SEEBUG // id: SSVID-85650

Trust: 0.1

db: EXPLOIT-DB // id: 32356

Trust: 0.1

db: VULHUB // id: VHN-37134

Trust: 0.1

db: PACKETSTORM // id: 69915

Trust: 0.1

sources: VULHUB: VHN-37134 // BID: 31124 // JVNDB: JVNDB-2009-003086 // PACKETSTORM: 69915 // CNNVD: CNNVD-200908-264 // NVD: CVE-2008-7009

REFERENCES

url:http://www.securityfocus.com/bid/31124

Trust: 1.7

url:http://osvdb.org/48097

Trust: 1.7

url:http://www.securitytracker.com/id?1020859

Trust: 1.7

url:http://secunia.com/advisories/31832

Trust: 1.7

url:http://www.vupen.com/english/advisories/2008/2556

Trust: 1.7

url:http://www.securityfocus.com/archive/1/496226/100/0/threaded

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/45082

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-7009

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-7009

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/45082

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/496226/100/0/threaded

Trust: 0.6

url:http://www.fileden.com/files/2008/9/11/2091525/zonealarm.swf

Trust: 0.3

url:/archive/1/496226

Trust: 0.3

url:http://www.zonealarm.com

Trust: 0.3

url:http://secunia.com/binary_analysis/sample_analysis/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/31832/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/product/19815/

Trust: 0.1

url:http://secunia.com/advisories/product/19816/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-37134 // BID: 31124 // JVNDB: JVNDB-2009-003086 // PACKETSTORM: 69915 // CNNVD: CNNVD-200908-264 // NVD: CVE-2008-7009

CREDITS

Juan Pablo Lopez Yacubian <jplopezy@gmail.com>

Trust: 0.6

sources: CNNVD: CNNVD-200908-264

SOURCES

db: VULHUB // id: VHN-37134
db: BID // id: 31124
db: JVNDB // id: JVNDB-2009-003086
db: PACKETSTORM // id: 69915
db: CNNVD // id: CNNVD-200908-264
db: NVD // id: CVE-2008-7009

LAST UPDATE DATE

2024-11-23T22:31:52.044000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-37134 // date: 2018-10-11T00:00:00
db: BID // id: 31124 // date: 2015-05-07T17:24:00
db: JVNDB // id: JVNDB-2009-003086 // date: 2012-06-26T00:00:00
db: CNNVD // id: CNNVD-200908-264 // date: 2009-08-19T00:00:00
db: NVD // id: CVE-2008-7009 // date: 2024-11-21T00:58:02.700

SOURCES RELEASE DATE

db: VULHUB // id: VHN-37134 // date: 2009-08-19T00:00:00
db: BID // id: 31124 // date: 2008-09-11T00:00:00
db: JVNDB // id: JVNDB-2009-003086 // date: 2012-06-26T00:00:00
db: PACKETSTORM // id: 69915 // date: 2008-09-12T19:47:57
db: CNNVD // id: CNNVD-200908-264 // date: 2008-09-11T00:00:00
db: NVD // id: CVE-2008-7009 // date: 2009-08-19T10:30:00.517