Vulnerability Report

CVE-2006-1221

Title: Zonelabs Zonealarm Security Suite

Other

Proof Of Concept

No public PoC currently indexed for CVE-2006-1221.

CWE Category NVD-CWE-noinfo

Published Date Mar 14, 2006

Modified Date Apr 03, 2025

Exploit Status Not Found

Score 6.2 CVSS v2.0

Exploit Probability (EPSS)

0.09%

Vulnerability Summary

CVE-2006-1221: Untrusted search path vulnerability in the TrueVector service (VSMON.exe) in Zone Labs ZoneAlarm 6.x and Integrity does not search ZoneAlarm's own folders before other folders that are specified in a user's PATH, which might allow local users to execute code as SYSTEM by placing malicious DLLs into a folder that has insecure permissions, but is searched before ZoneAlarm's folder. NOTE: since this issue is dependent on the existence of a vulnerability in a separate product (weak permissions of executables or libraries, or the execution of malicious code), perhaps it should not be included in CVE.

Impacted Vendors

zonelabs 1

Reference Links

http://reedarvin.thearvins.com/20060308-01.html http://securitytracker.com/id?1015743 http://www.securityfocus.com/archive/1/427122/100/0/threaded http://www.securityfocus.com/archive/1/427145/100/0/threaded http://www.securityfocus.com/archive/1/427309/100/0/threaded http://www.securityfocus.com/bid/17037 http://www.vupen.com/english/advisories/2006/0947 https://exchange.xforce.ibmcloud.com/vulnerabilities/25097 http://reedarvin.thearvins.com/20060308-01.html http://securitytracker.com/id?1015743 http://www.securityfocus.com/archive/1/427122/100/0/threaded http://www.securityfocus.com/archive/1/427145/100/0/threaded http://www.securityfocus.com/archive/1/427309/100/0/threaded http://www.securityfocus.com/bid/17037 http://www.vupen.com/english/advisories/2006/0947 https://exchange.xforce.ibmcloud.com/vulnerabilities/25097

CVSS v2.0

Source Entity [email protected]

Severity MEDIUM

6.2

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:L/AC:H/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2006-1221 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 03, 2025 MODIFIED

Vulnerability data or affected products updated.

March 14, 2006 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:L/AC:H/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.