lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat Oct  1 16:11:12 2005
From: mail at hackingspirits.com (Debasis Mohanty)
Subject: Re: Bypassing Personal Firewall (Zone
	AlarmPro)Using DDE-IPC

I tested this earlier, SendMessage() / SetDlgItem() / SetWindowText()
doesn't work for the current version of ZA Products (ZA Pro / Internet Sec
Suit). 

This helps preventing the most wellknown windows local attack - Shatter
Attack.

However, I still can see a way out for their latest product... Will be
updated soon.

- Tr0y


-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Thierry
Zoller
Sent: Saturday, October 01, 2005 3:39 PM
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Re: Bypassing Personal Firewall (Zone
AlarmPro)Using DDE-IPC

Dear Paul,

PL>  And in their press release, only the free is affected.
Which makes this discovery [ although a bit outdated ->
SendMessageApi() ] even more important, possibly a few million users
affected.

--
Thierry Zoller
Packet sniffer : http://www.sniff-em.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Powered by blists - more mailing lists