| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat Oct 1 16:11:12 2005 From: mail at hackingspirits.com (Debasis Mohanty) Subject: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC I tested this earlier, SendMessage() / SetDlgItem() / SetWindowText() doesn't work for the current version of ZA Products (ZA Pro / Internet Sec Suit). This helps preventing the most wellknown windows local attack - Shatter Attack. However, I still can see a way out for their latest product... Will be updated soon. - Tr0y -----Original Message----- From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Thierry Zoller Sent: Saturday, October 01, 2005 3:39 PM To: full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC Dear Paul, PL> And in their press release, only the free is affected. Which makes this discovery [ although a bit outdated -> SendMessageApi() ] even more important, possibly a few million users affected. -- Thierry Zoller Packet sniffer : http://www.sniff-em.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists