lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 1 Jun 2009 18:18:52 -0000
From: loginit@...il.com
To: bugtraq@...urityfocus.com
Subject: Zemana Antilogger 1.9.2 DoS attack

Severity: Critical
Title: Zemana Antilogger: Denial of Service
Date: May 30, 2009
Vers:1.9.2.102
ID: 200905-30
StreAmeR - 2009

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in Zemana Antilogger, allowing for a Denial
of Service.

Background
==========

Zemana AntiLogger has a new, powerful way to protect your PC from malware attacks.

Affected packages
=================
Vers:1.9.2.102 and old versions.

Description
===========
Attempts to terminate the process by sending Close messages (called WM_CLOSE and SC_CLOSE) to all windows in the target process. This method only works if 1) the target process has at least one window, and 2) the target process doesn't handle the WM_CLOSE/SC_CLOSE message .


Impact
======

Attacker could send specially crafted messages to the windows of the target process,
resulting in a crash.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

No current solution.

Powered by blists - more mailing lists