Vulnerability Details : CVE-2019-8453
Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client.
Published: 2019-04-17 15:29:01
Updated: 2019-04-23 16:29:11
Vulnerability category: File inclusion, Denial of service
Products affected by CVE-2019-8453
- cpe:2.3:a:checkpoint:zonealarm:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-8453
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 6 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-8453
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P | 3.9 | 2.9 | NIST | |
5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2019-8453
- Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker. Assigned by: cve@checkpoint.com (Secondary)
- The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-8453
- https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960
  ZoneAlarm Free Antivirus + Firewall release history official page | ZoneAlarm (Vendor Advisory)
- http://www.securityfocus.com/bid/108029
  Check Point ZoneAlarm Multiple Security Vulnerabilities