matousec.com


Advisory 2006-07-01.01

ZoneAlarm Insufficient protection of registry key 'VETFDDNT\Enum' Vulnerability

Basic information:


Release date: July 1, 2006

Last update: February 23, 2007

Severity: Medium

Character: System crash

Status: Fixed

Testing program: BTP00002P000ZA.zip

Description:

ZoneAlarm does not sufficiently check calls to the standard Windows API functions RegSaveKey, RegRestoreKey and RegDeleteKey. A proper combination of calls to these functions on the registry key 'HKLM\SYSTEM\CurrentControlSet\Services\VETFDDNT\Enum' causes a system crash due to an erroneous implementation of ZoneAlarm's driver. Since version 6.5.722.000, ZoneAlarm Internet Security Suite protects this key better, and exploitation of this bug therefore requires two calls of the mentioned combination of functions. Moreover, since this version it is also necessary to trigger an alert that queries the user about an arbitrary protected action. The alert is not needed if ZoneAlarm operates in Game Mode. This bug is classified as serious because the protected action that has to be executed before the exploitation can be arbitrary and because the system crashes regardless of the user's decision.

Vulnerable software:

Not vulnerable software:

Events:

References: