This module exploits a vulnerability in ZoneAlarm products when the 0x8400000F function is invoked with a specially crafted parameter. The IOCTL 0x8400000F handler in the VSDATANT.SYS device driver in ZoneAlarm products allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. Because of the inherent implication about exploiting a local vulnerability in a firewalled context this module will elevate privileges on the current agent instead of creating a new one.

CVE Link

Exploit Platform

Windows

Exploit Type

Product Name

ZoneAlarm VSDATANT IOCTL Handler Privilege Escalation Exploit

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum