CVE-2019-8453

low-risk

Published 2019-04-17

Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Zonealarm

Affected Vendors

Checkpoint

References (4)

http://www.securityfocus.com/bid/108029

Vendor Advisory https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960

http://www.securityfocus.com/bid/108029

Vendor Advisory https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal