CVE-2006-3540

Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (system crash) via a certain combination of these function calls with an HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VETFDDNT\Enum argument.

🔗 References (8)

• cve@mitrehttp://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-protection-of-registry-key-VETFDDNT-Enum.php
• cve@mitrehttp://www.securityfocus.com/archive/1/438970/100/0/threaded
• cve@mitrehttp://www.securityfocus.com/bid/18789
• cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/27584
• af854a3a-2127-422b-91ae-364da2661108http://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-protection-of-registry-key-VETFDDNT-Enum.php
• af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/438970/100/0/threaded
• af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/18789
• af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/27584