LandzDown Forum
Software & More => Web News => Topic started by: Antus67 on January 25, 2019, 12:09:22 PM
-
BY: Help Net SecurityJanuary 25, 2019
Illumant researcher Chris Anastasio has discovered a serious vulnerability in Check Point’s security software.
(https://www.helpnetsecurity.com/images/posts2018/code_magnify.jpg)
It affects ZoneAlarm Free Firewall and ZoneAlarm Free Antivirus + Firewall and, if exploited, it may allow a malicious user with low privilege access to escalate privileges to SYSTEM level.
WCF and self-signed code in the spotlight
The vulnerability is due to insecure implementation of services developed using Windows Communication Foundation or “WCF.” It targets a .NET service in ZoneAlarm that runs as SYSTEM and utilizes WCF to handle inter-process communications.
Full Article Here:https://www.helpnetsecurity.com/2019/01/25/check-point-zone-alarm-flaw/ (https://www.helpnetsecurity.com/2019/01/25/check-point-zone-alarm-flaw/)