| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat Oct 1 20:26:39 2005 From: mail at hackingspirits.com (Debasis Mohanty) Subject: Re: Bypassing Personal Firewall (ZoneAlarmPro)Using DDE-IPC Yeah TZ, This one will work but as long as an user's intervention is there but if you try to simulate key strokes using your code then this is prevented by current version of ZA. - D -----Original Message----- From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Thierry Zoller Sent: Sunday, October 02, 2005 12:43 AM To: full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] Re: Bypassing Personal Firewall (ZoneAlarmPro)Using DDE-IPC Dear Florian, FW> If I understand things correctly, in the attack Thierry describes, FW> you don't send window messages to windows of the Zone Alarm process FW> (which might be protected indeed), but to the Internet Explorer windows. Exactly, the "attack" abuses the fact that windows has no authentication of the window messages in the queue (in other words it doesn't know WHO send the message, the APP or the USER in front of the PC). Not knowing who send the message it happily executes it. -> WindowsKEY + R -> TYPE iexplore.exe -> Press ENTER -> Send Windowhide Use your imagination from here on. -- Thierry Zoller mailto:Thierry@...ff-em.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists