ZoneAlarm VSDATANT IOCTL Handler Privilege Escalation Exploit

This module exploits a vulnerability in ZoneAlarm products when the 0x8400000F function is invoked with a specially crafted parameter. The IOCTL 0x8400000F handler in the VSDATANT.SYS device driver in ZoneAlarm products allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters to obtain escalated privileges.
Exploit type: 
Vulnerabilty ID: 
Released Date: 
Monday, October 13, 2008 - 19:00