[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20050930185225.53A37410@lists.grok.org.uk>
Date: Fri Sep 30 19:52:32 2005
From: mail at hackingspirits.com (Debasis Mohanty)
Subject: Re: Bypassing Personal Firewall (Zone Alarm
Pro)Using DDE-IPC
Paul Laudanski wrote:
>> This "exploit" was tested by members at CastleCops and found to be
untrue:
Unfortunately not !! Besides Zone Alarm free version it has been tested for
ZA Pro 3x and it works like a charm. Again Symantec SecurityFocus has
probably tested this for ZA Pro 5.1. so they have mentioned the vulnerable
version here http://securityfocus.com/bid/14966
I am not sure whether ZoneLabs has tested this or not, as I found ZA Pro 3x
to be vulnerable but seems it has not appear in the advisory's affected s/ws
list http://download.zonelabs.com/bin/free/securityAlert/35.html . As per
the advisory only the ZA free version is vulnerable.... I am afraid this is
incorrect ...
- D
-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Paul
Laudanski
Sent: Friday, September 30, 2005 3:11 AM
To: warl0ck@...uxmail.org
Cc: full-disclosure@...ts.grok.org.uk; bugtraq@...urityfocus.com
Subject: [Full-disclosure] Re: Bypassing Personal Firewall (Zone Alarm
Pro)Using DDE-IPC
On 29 Sep 2005 warl0ck@...uxmail.org wrote:
> It is issue with almost all the firewalls firewalls don't protect the
> running applications themselves.I think i don't get is what does it
> have to do with DDE ?.Also one can read firewall ACL from the settings
> and inject code into the running trusted process.
This "exploit" was tested by members at CastleCops and found to be untrue:
http://castlecops.com/postlite134369-.html
Snapshots also provided.
--
Paul Laudanski, Microsoft MVP Windows-Security CastleCops(SM),
http://castlecops.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists