Summary
The host has ZoneAlarm Internet Security Suite installed, which is prone to buffer overflow vulnerability.
Impact
Exploitation could allow attackers to execute arbitrary code on the affected system or cause denial of service.
Impact Level : Application
Solution
Upgrade to ZoneAlarm Internet Security Suite 9 or later.
For updates refer to
http://www.zonealarm.com/store/content/dotzone/freeDownloads.jsp
Insight
The vulnerability is due to inadequate boundary checks on user-supplied input in multiscan.exe file when performing virus scans on long paths or file names. This can be exploited by tricking into scanning malicious directory or file names.
Affected
ZoneAlarm Internet Security Suite 8.x and prior on Windows (All).
References
Severity
Classification
-
CVE CVE-2008-7009 -
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities