Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a junction directory. This can be leveraged to perform an arbitrary file move as NT AUTHORITY\SYSTEM.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-09-27T02:17:14

Updated: 2024-08-03T12:49:43.364Z

Reserved: 2022-09-27T00:00:00

Link: CVE-2022-41604

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2022-09-27T23:15:17.263

Modified: 2022-09-30T14:59:42.080

Link: CVE-2022-41604

cve-icon Redhat

No data.