[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-disclosure] Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC
- To: "'Thierry Zoller'" <Thierry@xxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: RE: [Full-disclosure] Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC
- From: "Debasis Mohanty" <mail@xxxxxxxxxxxxxxxxxx>
- Date: Sat, 1 Oct 2005 20:41:00 +0530
I tested this earlier, SendMessage() / SetDlgItem() / SetWindowText()
doesn't work for the current version of ZA Products (ZA Pro / Internet Sec
Suit).
This helps preventing the most wellknown windows local attack - Shatter
Attack.
However, I still can see a way out for their latest product... Will be
updated soon.
- Tr0y
-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Thierry
Zoller
Sent: Saturday, October 01, 2005 3:39 PM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Re: Bypassing Personal Firewall (Zone
AlarmPro)Using DDE-IPC
Dear Paul,
PL> And in their press release, only the free is affected.
Which makes this discovery [ although a bit outdated ->
SendMessageApi() ] even more important, possibly a few million users
affected.
--
Thierry Zoller
Packet sniffer : http://www.sniff-em.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/