ZoneAlarm VSMON.exe Local Privilege Escalation

This script is Copyright (C) 2006-2011 Tenable Network Security, Inc.


Synopsis :

The remote Windows application is prone to a local privilege
escalation issue.

Description :

The remote host is running ZoneAlarm, a firewall for Windows.

The TrueVector service associated with the version of ZoneAlarm
installed on the remote host loads as part of its startup several
necessary DLLs without specifying their pathnames. An attacker with
local access can exploit this flaw to execute arbitrary programs on
the affected host with LOCAL SYSTEM privileges.

See also :

http://www.securityfocus.com/archive/1/427122/30/0/threaded
http://download.zonelabs.com/bin/free/securityAlert/51.html

Solution :

Upgrade to ZoneAlarm build 6.1.744.001 or later.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.9
(CVSS2#E:F/RL:U/RC:C)
Public Exploit Available : true

Family: Firewalls

Nessus Plugin ID: 21165 ()

Bugtraq ID: 17037

CVE ID: CVE-2006-1221