Vulnerability Name:

CVE-2003-1309 (CCN-12824)

Assigned:2003-08-02
Published:2003-08-02
Updated:2017-07-29
Summary:The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka "Device Driver Attack").
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: VulnWatch Mailing List, Tue Aug 05 2003 - 08:36:44 CDT
Local ZoneAlarm Firewall (probably all versions - tested on v3.1)

Source: VULNWATCH
Type: Exploit, Vendor Advisory
20030805 Local ZoneAlarm Firewall (probably all versions - tested on v3.1)

Source: CCN
Type: VulnWatch Mailing List, Wed Aug 06 2003 - 22:40:05 CDT
Vendor response to "Local ZoneAlarm Firewall (probably all versions - tested on v3.1)"

Source: MITRE
Type: CNA
CVE-2003-1309

Source: MITRE
Type: CNA
CVE-2003-1310

Source: CONFIRM
Type: UNKNOWN
http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html

Source: MISC
Type: UNKNOWN
http://sec-labs.hack.pl/advisories/seclabs-adv-zone-alarm-04-08-2003.txt

Source: CCN
Type: SEC-LABS win32ddc paper
Win32 Device Drivers Communication Vulnerabilities

Source: MISC
Type: UNKNOWN
http://sec-labs.hack.pl/papers/win32ddc.php

Source: CCN
Type: SA9459
ZoneAlarm TrueVector Device Driver Privilege Escalation

Source: SECUNIA
Type: Patch, Vendor Advisory
9459

Source: CCN
Type: SA9460
Symantec Norton AntiVirus Device Driver Privilege Escalation

Source: OSVDB
Type: Patch, Vendor Advisory
2375

Source: OSVDB
Type: Patch, Vendor Advisory
4362

Source: CCN
Type: OSVDB ID: 2375
ZoneAlarm TrueVector Device Driver vsdatant.sys DeviceIoControl Function Privilege Escalation

Source: CCN
Type: OSVDB ID: 4362
Symantec AntiVirus Device Driver NAVAP.sys DeviceIoControl Function Privilege Escalation

Source: CCN
Type: BID-8329
Symantec Norton AntiVirus Device Driver Memory Overwrite Vulnerability

Source: BID
Type: Vendor Advisory
8342

Source: CCN
Type: BID-8342
ZoneAlarm Local Device Driver IO Control Code Execution Vulnerability

Source: CCN
Type: Zone Labs Technical Support group Web site
Zone Labs: Zone Labs Service and Support, ZoneAlarm support, technical support

Source: XF
Type: UNKNOWN
device-driver-gain-privileges(12824)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:zonelabs:zonealarm:3.7.202:*:*:*:*:*:*:*
  • OR cpe:/a:zonelabs:zonealarm:3.7.211:*:plus:*:*:*:*:*
  • OR cpe:/a:zonelabs:zonealarm:3.7.211:*:pro:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:symantec:norton_antivirus:2002:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    zonelabs zonealarm 3.7.202
    zonelabs zonealarm 3.7.211
    zonelabs zonealarm 3.7.211
    symantec norton antivirus 2002