CVE-2007-2174 Information

Description

The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=517 http://secunia.com/advisories/24986 http://www.securityfocus.com/archive/1/466656/100/0/threaded http://www.securityfocus.com/bid/23579 http://www.securitytracker.com/id?1017948 http://www.securitytracker.com/id?1017953 http://www.vupen.com/english/advisories/2007/1491 https://exchange.xforce.ibmcloud.com/vulnerabilities/33786