First published: Thu Jul 13 2006
Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (system crash) via a certain combination of these function calls with an HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VETFDDNT\Enum argument.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ZoneAlarm by Check Point | =6.1.737.000 | |
ZoneAlarm by Check Point | =6.5.722.000 | |
CVE-2006-3540 has been classified as a medium severity vulnerability due to its potential to cause denial of service.
To mitigate CVE-2006-3540, users should update to the latest version of Check Point Zone Labs ZoneAlarm Internet Security Suite.
CVE-2006-3540 affects Check Point Zone Labs ZoneAlarm Internet Security Suite versions 6.1.737.000 and 6.5.722.000.
CVE-2006-3540 involves local users exploiting improper validation of RegSaveKey, RegRestoreKey, and RegDeleteKey function calls.
Yes, CVE-2006-3540 can cause a denial of service, which may result in system crashes.