Advisory 2006-07-01.01

ZoneAlarm Insufficient protection of registry key 'VETFDDNT\Enum' Vulnerability

Basic information:

Description:

ZoneAlarm insufficiently checks calling standard Windows API functions RegSaveKey, RegRestoreKey and RegDeleteKey. A proper combination of mentioned function calls on registry key 'HKLM\SYSTEM\CurrentControlSet\Services\VETFDDNT\Enum' causes a system crash due to erroneous implementation of ZoneAlarm's driver. Since version 6.5.722.000 ZoneAlarm Internet Security Suite protects this key better and thus exploitation of this bug requires two calls of mentioned functions combination. Moreover, since this version it is also necessary to alert user with a query of arbitrary protected action. The alert is not needed if ZoneAlarm operates in Game Mode. This bug is classified as serious because the protected action that has to be executed before the exploitation can be arbitrary and because the system crashes regardless the user's decision.

Vulnerable software:

• ZoneAlarm Internet Security Suite 6.5.722.000
• ZoneAlarm Internet Security Suite 6.1.737.000
• probably all versions of ZoneAlarm Internet Security Suite

Not vulnerable software:

• ZoneAlarm Internet Security Suite 7.0.302.000 and higher
• ZoneAlarm Pro 6.1.744.001
• probably all versions of ZoneAlarm and ZoneAlarm Pro

Events:

• 2007-01-15: The product vendor released ZoneAlarm Internet Security Suite 7.0.302.000, which fixed the bug
• 2006-07-12: Candidate for inclusion in the CVE list
• 2006-07-03: Vulnerability confirmed by popular information sources
• 2006-07-01: Advisory released
• 2006-07-01: Vendor notification

References:

• National Vulnerability Database
• Common Vulnerabilities and Exposures
• SecurityFocus Vulnerabilities
• Packet Storm Security July 2006 exploit archive
• Zone-H ITsec Advisories
• ZoneAlarm

valid HTML 4.01 · valid CSS 2 · optimized for you · design by martina · powered by jan · generated on August 21, 2008