CVE-2007-2730

high Check Point
CVSS v3 Base Score
7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
0.0%
Exploitation probability in 30 days
Top 86% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: May 16, 2007 (6937 days ago)
Last Modified: April 23, 2026
Vendor: Check Point
Source: NVD

Description

Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.

CWE

NVD-CWE-Other

Affected Products

checkpoint zonealarmcomodo comodo firewall procomodo comodo personal firewall

References

🔗 osvdb.org 🔗 securityreason.com 🔗 www.matousec.com 🔗 www.securityfocus.com 🔗 osvdb.org