NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2006-1221

Summary	Untrusted search path vulnerability in the TrueVector service (VSMON.exe) in Zone Labs ZoneAlarm 6.x and Integrity does not search ZoneAlarm's own folders before other folders that are specified in a user's PATH, which might allow local users to execute code as SYSTEM by placing malicious DLLs into a folder that has insecure permissions, but is searched before ZoneAlarm's folder. NOTE: since this issue is dependent on the existence of a vulnerability in a separate product (weak permissions of executables or libraries, or the execution of malicious code), perhaps it should not be included in CVE.
Publication Date	March 14, 2006, 8:02 p.m.
Registration Date	Jan. 29, 2021, 3:33 p.m.
Last Update	Oct. 19, 2018, 1:31 a.m.

CVSS2.0 : MEDIUM
Score	6.2
Vector	AV:L/AC:H/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	高
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	はい
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:zonelabs:zonealarm_security_suite:6.1.744.000:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://reedarvin.thearvins.com/20060308-01.html	MISC	Exploit
2	http://securitytracker.com/id?1015743	SECTRACK	Exploit
3	http://www.securityfocus.com/archive/1/427122/100/0/threaded	BUGTRAQ
4	http://www.securityfocus.com/archive/1/427145/100/0/threaded	BUGTRAQ
5	http://www.securityfocus.com/archive/1/427309/100/0/threaded	BUGTRAQ
6	http://www.securityfocus.com/bid/17037	BID
7	http://www.vupen.com/english/advisories/2006/0947	VUPEN
8	https://exchange.xforce.ibmcloud.com/vulnerabilities/25097	XF

Common Vulnerabilities List