ZoneAlarm VSMON.exe Local Privilege Escalation

This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.

Synopsis :

The remote Windows application is prone to a local privilege
escalation issue.

Description :

The remote host is running ZoneAlarm, a firewall for Windows.

The TrueVector service associated with the version of ZoneAlarm
installed on the remote host loads as part of its startup several
necessary DLLs without specifying their pathnames. An attacker with
local access can exploit this flaw to execute arbitrary programs on
the affected host with LOCAL SYSTEM privileges.

See also :

Solution :

Upgrade to ZoneAlarm build 6.1.744.001 or later.

Risk factor :

Medium / CVSS Base Score : 6.2
CVSS Temporal Score : 5.9
Public Exploit Available : true

Family: Firewalls

Nessus Plugin ID: 21165 ()

Bugtraq ID: 17037

CVE ID: CVE-2006-1221

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now