Description: Pen Testing, Risk Advisory, Compliance, Higher Education, SOX, SAS70, DLP, Compliance Software,internal controls, PCI DSS, Business Continuity ,security assessment
wireless (3369) web application (1554) risk assessment (376) black box (110) vulnerability assessment (103) social engineering (86) data loss prevention (37) risk advisory (30) perimerter (3) critical asset (3)
Illumant has discovered a critical vulnerability in Check Point’s ZoneAlarm anti-virus software. This vulnerability allows a low-privileged user to escalate to SYSTEM-level privileges. A service endpoint within ZoneAlarm exposes powerful functionality, including the ability to start new processes as SYSTEM. Efforts were made by the developers to ensure that only trusted processes could interact with the service. Trusted processes are identified using code signing, but on Windows it is possible for low-privi
Check Point’s ZoneAlarm anti-virus software is often cited among the top 10 most popular anti-virus applications, and as such, this vulnerability, before the patch was made available ( here & here ), affected millions of systems worldwide.
Furthermore, the vulnerability is an example of a class of vulnerabilities that exist within insecure implementations of Microsoft’s Windows Communication Foundation (WCF). Illumant is calling this bug class “OwnDigo,” a twist on the name “Indigo,” the former codename for WCF.