Less critical vulnerability may cause privilege escalation

Aug 21, 2007 10:11 GMT

ZoneAlarm products have been found to contain vulnerabilities that can affect security. Malicious local users could exploit these flaws to gain escalated privileges, Secunia reports. ZoneAlarm is one of the most secure brands in consumer Internet security. They protect more than 60 million personal computers from viruses, spyware, hackers and identity theft, and they have received many awards for their products.

As I've read on Secunia, one issue is that insufficient address space verification within the 0x8400000F and 0x84000013 IOCTL handlers of vsdatant.sys and insecure permissions on the ".vsdatant" device interface can be exploited to, for example, access these IOCTL handlers, overwrite arbitrary memory and execute code with kernel privileges. This affects Check Point Zone Labs ZoneAlarm Free including vsdatant.sys version 6.5.737.0, but other versions could be affected as well.
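As an added example (not taken from Secunia's advisory or from the vendor), the two IOCTL codes named above can be decoded with the standard Windows CTL_CODE bit layout. Both turn out to use METHOD_NEITHER and FILE_ANY_ACCESS, so the driver's own address checks and the device's permissions are the only safeguards on these requests. The struct and function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of a Windows I/O control code, per the CTL_CODE macro layout:
   bits 31-16 device type, 15-14 required access, 13-2 function, 1-0 method. */
typedef struct {
    uint32_t device_type; /* 0x8000 and above is the vendor-defined range */
    uint32_t access;      /* 0 = FILE_ANY_ACCESS, 1 = read, 2 = write */
    uint32_t function;
    uint32_t method;      /* 0 = buffered, 1 and 2 = direct I/O, 3 = METHOD_NEITHER */
} ioctl_fields;

ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device_type = (code >> 16) & 0xFFFFu;
    f.access      = (code >> 14) & 0x3u;
    f.function    = (code >> 2)  & 0xFFFu;
    f.method      = code & 0x3u;
    return f;
}

/* METHOD_NEITHER: the I/O manager hands the driver raw user-mode pointers,
   so the driver must validate the address ranges itself
   (for example with ProbeForRead / ProbeForWrite). */
int needs_driver_pointer_checks(ioctl_fields f) { return f.method == 3; }

/* FILE_ANY_ACCESS: no read or write access is required on the handle,
   so only the device object's ACL limits who can send the request. */
int relies_on_device_acl(ioctl_fields f) { return f.access == 0; }

int main(void) {
    /* The two codes named in the article text. */
    const uint32_t codes[] = { 0x8400000Fu, 0x84000013u };
    for (size_t i = 0; i < sizeof codes / sizeof codes[0]; i++) {
        ioctl_fields f = decode_ioctl(codes[i]);
        printf("0x%08X: device=0x%04X function=%u access=%u method=%u\n",
               (unsigned)codes[i], (unsigned)f.device_type,
               (unsigned)f.function, (unsigned)f.access, (unsigned)f.method);
        printf("  driver must validate user pointers: %s\n",
               needs_driver_pointer_checks(f) ? "yes" : "no");
        printf("  device ACL is the only access gate: %s\n",
               relies_on_device_acl(f) ? "yes" : "no");
    }
    return 0;
}
```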

The second issue that has been brought to our attention by Secunia experts is that the insecure default Access Control List (ACL) settings applied when ZoneAlarm tools are installed can be exploited to gain escalated privileges by replacing certain files. This flaw affects ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, while other versions could also be affected. Malicious users could also take advantage of this vulnerability to move executable files to another folder, which would disable protection, because the program cannot start on reboot with its files misplaced.

You can find the original advisory on iDefense Labs' official site as well as on Reversemode's. The vendors have issued a patch (available on their website) that is meant to fix these errors, so download it and update to version 7.0.362 to make your programs secure.
