N/A

Untrusted search path vulnerability in the TrueVector service (VSMON.exe) in Zone Labs ZoneAlarm 6.x and Integrity does not search ZoneAlarm's own folders before other folders that are specified in a user's PATH, which might allow local users to execute code as SYSTEM by placing malicious DLLs into a folder that has insecure permissions, but is searched before ZoneAlarm's folder. NOTE: since this issue is dependent on the existence of a vulnerability in a separate product (weak permissions of executables or libraries, or the execution of malicious code), perhaps it should not be included in CVE.

N/A

N/A

ZoneAlarm安全组件权限提升漏洞

ZoneAlarm是一款个人电脑防火墙，能保护个人数据和隐私安全。 ZoneAlarm的TrueVector服务在启动加载DLL时存在问题，攻击者可能利用此漏洞在主机上执行权限提升攻击。 在Windows启动过程中ZoneAlarm的TrueVector服务(vsmon.exe)被设置为自动启动。TrueVector服务是以本地系统帐号权限运行的，在启动过程中会试图加载以下几个DLL： - VSUTIL_Loc0409_Oem8701.dll - VSUTIL_Oem8701.dll - VSUTIL_L

N/A

N/A