CVE-2006-3540

Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (system crash) via a certain combination of these function calls with an HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VETFDDNT\Enum argument.

Published: Jul 13, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-3540
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.9
AV:L/AC:L/Au:N/C:N/I:N/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
zonelabs / zonealarm_security_suite	6.1.737.000	6.1.737.000.x
zonelabs / zonealarm_security_suite	6.5.722.000	6.5.722.000.x

http://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-protection-of-registry-key-VETFDDNT-Enum.php
http://www.securityfocus.com/archive/1/438970/100/0/threaded
http://www.securityfocus.com/bid/18789
https://exchange.xforce.ibmcloud.com/vulnerabilities/27584

Vulnerability Database

289,784

CVE-2006-3540