ZoneAlarm SMTP 遠端緩衝區溢出漏洞

ZoneLabs provides a suite of desktop firewall products. Products in this suite such as ZoneAlarm analyze incoming and outgoing email messages for malicious or otherwise abnormal content. When ZoneAlarm examines outgoing email messages a buffer overflow condition is presented when they retrieve the destination email address from the message. An attacker can exploit this vulnerability to elevate his privileges to SYSTEM on any machine protected by a vulnerable ZoneLabs product. This vulnerability can also be exploited remotely if an attacker can manipulate the protected system into sending an outgoing email message.

A stack based buffer overflow vulnerability within vsmon.exe can be exploited to execute code with the context of the SYSTEM account. The vulnerability exists within the component responsible for processing the RCPT TO command argument. By specifying a large argument to the RCPT TO command an internal stack based buffer can be overflowed within the TrueVector Internet Monitor (vsmon.exe) process.