Author Topic: Researcher warns of privilege escalation flaw in Check Point ZoneAlarm  (Read 518 times)

0 Members and 1 Guest are viewing this topic.

Offline Antus67

  • Full Member
  • ***
  • Posts: 94
    • View Profile
BY:  Help Net SecurityJanuary 25, 2019

Illumant researcher Chris Anastasio has discovered a serious vulnerability in Check Point’s security software.



It affects ZoneAlarm Free Firewall and ZoneAlarm Free Antivirus + Firewall and, if exploited, it may allow a malicious user with low privilege access to escalate privileges to SYSTEM level.
WCF and self-signed code in the spotlight

The vulnerability is due to insecure implementation of services developed using Windows Communication Foundation or “WCF.” It targets a .NET service in ZoneAlarm that runs as SYSTEM and utilizes WCF to handle inter-process communications.

Full Article Here:https://www.helpnetsecurity.com/2019/01/25/check-point-zone-alarm-flaw/