Buffer overflow : ZoneAlarm Internet Security Suite < 9.x Buffer Overflow Vulnerability

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.900126

Category: Buffer overflow

Title: ZoneAlarm Internet Security Suite < 9.x Buffer Overflow Vulnerability

Summary: ZoneAlarm Internet Security Suite is prone to a buffer overflow vulnerability.

Description: Summary:
ZoneAlarm Internet Security Suite is prone to a buffer overflow vulnerability.

Vulnerability Insight:
The vulnerability is due to inadequate boundary checks on
user-supplied input in multiscan.exe file when performing virus scans
on long paths or file names. This can be exploited by tricking into
scanning malicious directory or file names.

Vulnerability Impact:
Exploitation could allow attackers to execute arbitrary code
on the affected system or cause denial of service.

Affected Software/OS:
ZoneAlarm Internet Security Suite 8.x and prior on Windows (All).

Solution:
Upgrade to ZoneAlarm Internet Security Suite 9 or later.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-7009
BugTraq ID: 31124
http://www.securityfocus.com/bid/31124
Bugtraq: 20080911 ZoneAlarm Security Suite buffer overflow (Google Search)
http://www.securityfocus.com/archive/1/496226/100/0/threaded
http://osvdb.org/48097
http://www.securitytracker.com/id?1020859
http://secunia.com/advisories/31832
http://www.vupen.com/english/advisories/2008/2556
XForce ISS Database: zonealarm-directories-bo(45082)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45082

Copyright Copyright (C) 2008 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.900126
Category:	Buffer overflow
Title:	ZoneAlarm Internet Security Suite < 9.x Buffer Overflow Vulnerability
Summary:	ZoneAlarm Internet Security Suite is prone to a buffer overflow vulnerability.
Description:	Summary: ZoneAlarm Internet Security Suite is prone to a buffer overflow vulnerability. Vulnerability Insight: The vulnerability is due to inadequate boundary checks on user-supplied input in multiscan.exe file when performing virus scans on long paths or file names. This can be exploited by tricking into scanning malicious directory or file names. Vulnerability Impact: Exploitation could allow attackers to execute arbitrary code on the affected system or cause denial of service. Affected Software/OS: ZoneAlarm Internet Security Suite 8.x and prior on Windows (All). Solution: Upgrade to ZoneAlarm Internet Security Suite 9 or later. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-7009 BugTraq ID: 31124 http://www.securityfocus.com/bid/31124 Bugtraq: 20080911 ZoneAlarm Security Suite buffer overflow (Google Search) http://www.securityfocus.com/archive/1/496226/100/0/threaded http://osvdb.org/48097 http://www.securitytracker.com/id?1020859 http://secunia.com/advisories/31832 http://www.vupen.com/english/advisories/2008/2556 XForce ISS Database: zonealarm-directories-bo(45082) https://exchange.xforce.ibmcloud.com/vulnerabilities/45082
Copyright	Copyright (C) 2008 Greenbone AG