Check Point ZoneAlarm Local Privilege Escalation

vendor:

ZoneAlarm Free Antivirus + Firewall

by:

Chris Anastasio

7.2

CVSS

HIGH

Local Privilege Escalation

264

CWE

Product Name: ZoneAlarm Free Antivirus + Firewall

Affected Version From: 15.3.064.17729

Affected Version To: 15.3.58.17668

Patch Exists: Yes

Related CWE: N/A

CPE: a:check_point:zonealarm_free_antivirus_+_firewall

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 7/Windows 10

2019

Check Point ZoneAlarm Local Privilege Escalation

Check Point ZoneAlarm is vulnerable to a local privilege escalation vulnerability. An attacker can exploit this vulnerability by running a malicious executable with elevated privileges. This can allow the attacker to gain access to sensitive information or perform malicious actions on the system.

Mitigation:

Users should update to the latest version of Check Point ZoneAlarm Free Antivirus + Firewall. Additionally, users should ensure that all other software on the system is up to date.

Source

Exploit-DB raw data:

# Exploit Title: Check Point ZoneAlarm Local Privilege Escalation
# Date: 1/16/19
# Exploit Author: Chris Anastasio
# Vendor Homepage: https://www.zonealarm.com/software/free-antivirus/
# Software Link: Vulnerable Versions included in repo
# Version:
ZoneAlarm Free Antivirus + Firewall version: 15.3.064.17729
Vsmon version: 15.3.58.17668
Driver version: 15.1.29.17237
Antivirus engine version: 8.8.1.110
Antivirus signature DAT file version: 1297458144
# Tested on: Windows 7/Windows 10
# Vendor Disclosure: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk142952

POC:

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46189.zip