A vulnerability, which was classified as critical, was found in Check Point ZoneAlarm up to 15.4.062 (Firewall Software). This affects an unknown function of the component DLL Loader. The manipulation with an unknown input leads to a untrusted search path vulnerability. CWE is classifying the issue as CWE-426. The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client.

The bug was discovered 02/18/2019. The weakness was published 04/17/2019 (Website). It is possible to read the advisory at securityfocus.com. This vulnerability is uniquely identified as CVE-2019-8453 since 02/18/2019. Attacking locally is a requirement. The successful exploitation requires a authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1574 according to MITRE ATT&CK.

The vulnerability was handled as a non-public zero-day exploit for at least 58 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Similar entry is available at 133456.

Productinfo

Type

• Firewall Software

Vendor

• Check Point

Name

• ZoneAlarm

Version

• 15.4.062

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion