LandzDown Forum

Software & More => Web News => Topic started by: Antus67 on January 25, 2019, 12:09:22 PM

Title: Researcher warns of privilege escalation flaw in Check Point ZoneAlarm
Post by: Antus67 on January 25, 2019, 12:09:22 PM
BY:  Help Net SecurityJanuary 25, 2019

Illumant researcher Chris Anastasio has discovered a serious vulnerability in Check Point’s security software.

(https://www.helpnetsecurity.com/images/posts2018/code_magnify.jpg)

It affects ZoneAlarm Free Firewall and ZoneAlarm Free Antivirus + Firewall and, if exploited, it may allow a malicious user with low privilege access to escalate privileges to SYSTEM level.
WCF and self-signed code in the spotlight

The vulnerability is due to insecure implementation of services developed using Windows Communication Foundation or “WCF.” It targets a .NET service in ZoneAlarm that runs as SYSTEM and utilizes WCF to handle inter-process communications.

Full Article Here:https://www.helpnetsecurity.com/2019/01/25/check-point-zone-alarm-flaw/ (https://www.helpnetsecurity.com/2019/01/25/check-point-zone-alarm-flaw/)