{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"ZoneAlarm Security Suite versions 5.x ;","product":{"name":"Security","vendor":{"name":"ESET","scada":false}}},{"description":"ZoneAlarm Antivirus versions 5.x, 6.x ;","product":{"name":"N/A","vendor":{"name":"ESET","scada":false}}},{"description":"ZoneAlarm versions 2.x, 3.x, 4.x, 5.x, 6.x, 7.x ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"ZoneAlarm Plus versions 3.x, 4.x ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"ZoneAlarm Internet Security Suite versions 6.x ;","product":{"name":"Internet Security","vendor":{"name":"ESET","scada":false}}},{"description":"ZoneAlarm Wireless Security versions 5.x.","product":{"name":"Security","vendor":{"name":"ESET","scada":false}}},{"description":"ZoneAlarm Pro versions 2.x, 3.x, 4.x, 5.x, 6.x ;","product":{"name":"N/A","vendor":{"name":"ESET","scada":false}}},{"description":"ZoneAlarm Anti-Spyware versions 6.x ;","product":{"name":"N/A","vendor":{"name":"ESET","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits ZoneLabs.\n\nLorsqu'un administrateur installe un produit ZoneLabs de la famille\nZoneAlarm, un param\u00e9trage par d\u00e9faut permet \u00e0 tout utilisateur de\nmodifier les fichiers install\u00e9s (r\u00e9f\u00e9rence CVE-2005-2932). Certains de\nces fichiers sont ex\u00e9cut\u00e9s avec les droits system.\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le pilote vsdatant.sys. Cette\nvuln\u00e9rabilit\u00e9 permet \u00e0 un utilisateur local de modifier directement le\ncontenu de certaines zones de la m\u00e9moire (r\u00e9f\u00e9rence CVE-2007-4216).\n\n## Solution\n\nMettre \u00e0 jour en version 7.0.362 (cf. section Documentation).\n","cves":[{"name":"CVE-2005-2932","url":"https://www.cve.org/CVERecord?id=CVE-2005-2932"},{"name":"CVE-2007-4216","url":"https://www.cve.org/CVERecord?id=CVE-2007-4216"}],"links":[{"title":"Page de mise \u00e0 jour de ZoneAlarm :","url":"http://www.zonealarm.com/store/content/support/zasc/cfu.jsp?dc=12bms&ctry=FR&lang=fr&lid=db_updates"}],"reference":"CERTA-2007-AVI-370","revisions":[{"description":"version initiale.","revision_date":"2007-08-21T00:00:00.000000"}],"risks":[{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"Deux vuln\u00e9rabilit\u00e9s dans les produits <span\nclass=\"textit\">ZoneLabs</span> permettent une \u00e9l\u00e9vation de privil\u00e8ges.\n","title":"Vuln\u00e9rabilit\u00e9s dans les produits ZoneLabs","vendor_advisories":[{"published_at":null,"title":"Bulletins de s\u00e9curit\u00e9 iDefense du 20 ao\u00fbt 2007","url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=585"}]}