CVE-2003-1309 : The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.

The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka "Device Driver Attack").

Published 2003-12-31 05:00:00

Updated 2017-07-29 01:29:05

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2003-1309

Probability of exploitation activity in the next 30 days: 0.92%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 81 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2003-1309

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2003-1309

http://www.securityfocus.com/bid/8342

Vendor Advisory
http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/12824

CVEs referencing this url
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0070.html

Exploit;Vendor Advisory

Products affected by CVE-2003-1309

Zonelabs » Zonealarm » Version: 3.7.211 Plus Edition
cpe:2.3:a:zonelabs:zonealarm:3.7.211:*:plus:*:*:*:*:*
Matching versions
Zonelabs » Zonealarm » Version: 3.7.211 PRO Edition
cpe:2.3:a:zonelabs:zonealarm:3.7.211:*:pro:*:*:*:*:*
Matching versions
Zonelabs » Zonealarm » Version: 3.7.202
cpe:2.3:a:zonelabs:zonealarm:3.7.202:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2003-1309

Exploit prediction scoring system (EPSS) score for CVE-2003-1309

CVSS scores for CVE-2003-1309

References for CVE-2003-1309

Products affected by CVE-2003-1309