| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Sep 2005 00:21:01 +0530 From: "Debasis Mohanty" <mail@...kingspirits.com> To: <bugtraq@...urityfocus.com> Subject: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC Hi All !! While I was testing desktop based firewalls (here it is Zone Alarm Pro) with the firewall evasion kit developed by me, I found that a very old flaw still exists in many latest versions of desktop based firewalls. It is possible for a malicious program to bypass a desktop based firewall by using DDE-IPC (Direct Data Exchange - Interprocess Communications) which enables an un-trusted program to communicate with the attacker or access internet via other trusted programs (Ex: Internet Explorer). This flaw is known since before year 2003. As per a post by Te Smith (Sr. Director, Corporate Communications, Zone Labs), this issue is resolved in higher version Zone Alarm Pro having Advanced Program Control feature. (Ref # http://seclists.org/lists/bugtraq/2003/Jul/0000.html) However, I find that this issue still exists in higher versions of Zone Alarm Pro and might also exist in other desktop based firewalls. I didn't find any good PoC around, so I thought of writing a PoC which can demonstrate and explain how an un-trusted program can access internet or establish connection with the attacker via other trusted programs by leveraging over the DDE-IPC design flaw. The PoC can be downloaded from the following link: http://hackingspirits.com/vuln-rnd/vuln-rnd.html Cheers.... Tr0y (aka Debasis Mohanty) www.hackingspirits.com
Powered by blists - more mailing lists