[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-disclosure] Re: Bypassing Personal Firewall (Zone Alarm Pro)Using DDE-IPC

To: "'Paul Laudanski'" <zx@xxxxxxxxxxxxxx>, <warl0ck@xxxxxxxxxxxxx>
Subject: RE: [Full-disclosure] Re: Bypassing Personal Firewall (Zone Alarm Pro)Using DDE-IPC
From: "Debasis Mohanty" <mail@xxxxxxxxxxxxxxxxxx>
Date: Sat, 1 Oct 2005 00:22:27 +0530

Paul Laudanski wrote:
>> This "exploit" was tested by members at CastleCops and found to be
untrue: 

Unfortunately not !! Besides Zone Alarm free version it has been tested for
ZA Pro 3x and it works like a charm. Again Symantec SecurityFocus has
probably tested this for ZA Pro 5.1. so they have mentioned the vulnerable
version here http://securityfocus.com/bid/14966

I am not sure whether ZoneLabs has tested this or not, as I found ZA Pro 3x
to be vulnerable but seems it has not appear in the advisory's affected s/ws
list http://download.zonelabs.com/bin/free/securityAlert/35.html . As per
the advisory only the ZA free version is vulnerable.... I am afraid this is
incorrect ... 

- D

-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Paul
Laudanski
Sent: Friday, September 30, 2005 3:11 AM
To: warl0ck@xxxxxxxxxxxxx
Cc: full-disclosure@xxxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Re: Bypassing Personal Firewall (Zone Alarm
Pro)Using DDE-IPC

On 29 Sep 2005 warl0ck@xxxxxxxxxxxxx wrote:

> It is issue with almost all the firewalls firewalls don't protect the 
> running applications themselves.I think i don't get is what does it 
> have to do with DDE ?.Also one can read firewall ACL from the settings 
> and inject code into the running trusted process.

This "exploit" was tested by members at CastleCops and found to be untrue:

http://castlecops.com/postlite134369-.html

Snapshots also provided.

--
Paul Laudanski, Microsoft MVP Windows-Security CastleCops(SM),
http://castlecops.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] iDEFENSE Security Advisory 09.30.05: RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability
Next by Date: [Full-disclosure] Buffer-overflow and directory traversal bugs in Virtools Web Player 3.0.0.100
Previous by thread: [Full-disclosure] iDEFENSE Security Advisory 09.30.05: RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability
Next by thread: RE: [Full-disclosure] Re: Bypassing Personal Firewall (Zone Alarm Pro)Using DDE-IPC
Index(es):
- Date
- Thread