From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability Name: Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability
2. Vulnerability IDs:
   - ZDI-24-1036
   - ZDI-CAN-21677
3. CVE ID: CVE-2024-6233
4. CVSS Score: 7.8, AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5. Affected Vendor: Check Point
6. Affected Product: ZoneAlarm Extreme Security
7. Vulnerability Details:
   - This vulnerability allows a local attacker to escalate privileges on an affected Check Point ZoneAlarm Extreme Security installation.
   - The attacker must first gain the ability to execute low-privilege code on the target system in order to exploit this vulnerability.
   - The specific flaw resides in the Forensic Recorder service. By creating symbolic links, an attacker can abuse the service to overwrite arbitrary files. This can be exploited to escalate privileges and execute arbitrary code in the SYSTEM context.
8. Fix Status:
   - Fixed in version 4.2.712.
   - Fix link: https://www.zonealarm.com/software/extreme-security-nextgen
9. Disclosure Timeline:
   - 2023-09-07 - Vulnerability reported to vendor
   - 2024-07-31 - Coordinated public disclosure of vulnerability advisory
   - 2024-08-15 - Vulnerability advisory updated
10. Credit: Filip Dragovic (@filip_dragovic)

This information provides a detailed description of the vulnerability, including its severity, affected systems, and remediation status.