CVE-2006-3540

Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (system crash) via a certain combination of these function calls with an HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VETFDDNT\Enum argument.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-protection-of-registry-key-VETFDDNT-Enum.php	Vendor Advisory
http://www.securityfocus.com/archive/1/438970/100/0/threaded
http://www.securityfocus.com/bid/18789
https://exchange.xforce.ibmcloud.com/vulnerabilities/27584

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zonelabs:zonealarm_security_suite:6.1.737.000:::::::*
	cpe:2.3:a:zonelabs:zonealarm_security_suite:6.5.722.000:::::::*

History

No history.

Information

Published : 2006-07-13 00:05

Updated : 2023-12-10 10:28

NVD link : CVE-2006-3540

Mitre link : CVE-2006-3540

CVE.ORG link : CVE-2006-3540

JSON object : View

Products Affected

zonelabs

zonealarm_security_suite

CWE

NVD-CWE-Other

{"id": "CVE-2006-3540", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-07-13T00:05:00.000", "references": [{"url": "http://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-protection-of-registry-key-VETFDDNT-Enum.php", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/438970/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/18789", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27584", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (system crash) via a certain combination of these function calls with an HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\VETFDDNT\\Enum argument."}, {"lang": "es", "value": "Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, y posiblemente otras versiones no validan apropiadamente llamadas a funciones RegSaveKey, RegRestoreKey, y RegDeleteKey, lo cual permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda de sistema) mediante determinadas combinaciones de estas llamadas a funciones con el argumento:\r\nHKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\VETFDDNT\\Enum ."}], "lastModified": "2018-10-18T16:47:52.173", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zonelabs:zonealarm_security_suite:6.1.737.000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA41FAC2-F2EE-4EAD-B69D-D6FE2B5791FC"}, {"criteria": "cpe:2.3:a:zonelabs:zonealarm_security_suite:6.5.722.000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6B9F5F-D838-4309-A83D-438FDF897F2C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}