CVE-2019-8452

HIGH

Check Point Endpoint Security < E80.96 and ZoneAlarm < 15.4.062 - Privilege Escalation via Hard Link

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-8452. PoCs published by Jakub Palaczynski.

AI-analyzed exploit summary This exploit leverages a privilege escalation vulnerability in Check Point Endpoint Security Client/ZoneAlarm by manipulating the tvDebug.log archiving mechanism to change permissions of arbitrary files, allowing an attacker to replace a DLL loaded with SYSTEM privileges.

Description

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.

Exploits (1)

exploitdb WORKING POC

by Jakub Palaczynski · textlocalwindows

https://www.exploit-db.com/exploits/47471

View Code ZIP pw:eip

This exploit leverages a privilege escalation vulnerability in Check Point Endpoint Security Client/ZoneAlarm by manipulating the tvDebug.log archiving mechanism to change permissions of arbitrary files, allowing an attacker to replace a DLL loaded with SYSTEM privileges.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Check Point Endpoint Security VPN <= E80.87 Build 986009514, Check Point ZoneAlarm <= 15.4.062.17802

Auth required

Prerequisites: Authenticated user access · Check Point software installed · tvDebug.log file exists and is writable · Ability to restart the system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.001 - Setuid and Setgid

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960

Vendor Advisory x_refsource_confirm

https://supportcenter.us.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk150012

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/154754/CheckPoint-Endpoint-Security-Client-ZoneAlarm-Privilege-Escalation.html

Scores

CVSS v3 7.8

EPSS 0.0104

EPSS Percentile 59.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-59 CWE-65

Status published

Products (2)

checkpoint/endpoint_security < e80.96

checkpoint/zonealarm < 15.4.062

Published Apr 22, 2019

Tracked Since Feb 18, 2026