Vulnerability Report

CVE-2003-1309

Title: ZoneAlarm TrueVector driver privilege escalation

Privilege Escalation

Proof Of Concept

No public PoC currently indexed for CVE-2003-1309.

CWE Category NVD-CWE-noinfo
Published Date Dec 31, 2003
Modified Date Apr 03, 2025
Exploit Status Not Found
Score 10.0 CVSS v2.0
Exploit Probability (EPSS)
1.10%

Vulnerability Summary

CVE-2003-1309: The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka "Device Driver Attack").

Impacted Vendors

C
checkpoint 1
Z
zonelabs 1

Reference Links

http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0070.html http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html http://sec-labs.hack.pl/advisories/seclabs-adv-zone-alarm-04-08-2003.txt http://sec-labs.hack.pl/papers/win32ddc.php http://secunia.com/advisories/9459 http://www.osvdb.org/2375 http://www.osvdb.org/4362 http://www.securityfocus.com/bid/8342 https://exchange.xforce.ibmcloud.com/vulnerabilities/12824 http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0070.html http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html http://sec-labs.hack.pl/advisories/seclabs-adv-zone-alarm-04-08-2003.txt http://sec-labs.hack.pl/papers/win32ddc.php http://secunia.com/advisories/9459 http://www.osvdb.org/2375 http://www.osvdb.org/4362 http://www.securityfocus.com/bid/8342 https://exchange.xforce.ibmcloud.com/vulnerabilities/12824
CVSS v2.0
Source Entity [email protected]
Severity HIGH
10.0
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:L/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2003-1309 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.