Vulnerability Name:

CVE-2006-3540 (CCN-27584)

Assigned:2006-07-01
Published:2006-07-01
Updated:2018-10-18
Summary:Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (system crash) via a certain combination of these function calls with an HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VETFDDNT\Enum argument.
CVSS v3 Severity:6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: BugTraq Mailing List, Mon Jul 03 2006 - 11:54:54 CDT
ZoneAlarm Insufficient protection of registry key 'VETFDDNT\Enum' Vulnerability

Source: MITRE
Type: CNA
CVE-2006-3540

Source: CCN
Type: Matousec Security Advisory 2006-07-01.01
ZoneAlarm Insufficient protection of registry key 'VETFDDNT\Enum' Vulnerability

Source: MISC
Type: Vendor Advisory
http://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-protection-of-registry-key-VETFDDNT-Enum.php

Source: CCN
Type: OSVDB ID: 28244
ZoneAlarm VETFDDNT\Enum Registry Key Multiple Function DoS

Source: BUGTRAQ
Type: UNKNOWN
20060703 ZoneAlarm Insufficient protection of registry key 'VETFDDNT\Enum' Vulnerability

Source: BID
Type: UNKNOWN
18789

Source: CCN
Type: BID-18789
Zone Labs ZoneAlarm Registry Key Local Denial Of Service Vulnerability

Source: CCN
Type: Zone Labs Web site
ZoneAlarm Internet Security Suite

Source: XF
Type: UNKNOWN
zonealarm-registrykey-dos(27584)

Source: XF
Type: UNKNOWN
zonealarm-registrykey-dos(27584)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:zonelabs:zonealarm_security_suite:6.1.737.000:*:*:*:*:*:*:*
  • OR cpe:/a:zonelabs:zonealarm_security_suite:6.5.722.000:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    zonelabs zonealarm security suite 6.1.737.000
    zonelabs zonealarm security suite 6.5.722.000