Bugtraq mailing list archives
Re: Advisory:Multiple Vulnerabilities in ZoneAlarm
From: "Chris St. Clair" <chris_stclair () HOTMAIL COM>
Date: Wed, 3 Jan 2001 01:52:48 -0000
Whereas I agree it would be desirable for ZoneLabs to fix any >notified vulnerabilities, I share the view that in terms of RISK the >issue is of limited importance until an exploit can be devised that >can take advantage of the theoretical weakness.
As one of the people that found this problem, I can tell you that during the testing of this issue with ZoneAlarm we developed methods to exploit it with ~ 85% reliability. Agreed, there are a lot of things that have to go "just right" in order to be able to pull it off successfully. And it's also agreed that the risk level is relatively low. However, the point stands that there are other products out there that have similar functionality but do not exhibit the same weaknesses as ZoneAlarm. -chris _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com
Current thread:
- Re: Advisory:Multiple Vulnerabilities in ZoneAlarm bacano (Jan 02)
- <Possible follow-ups>
- Re: Advisory:Multiple Vulnerabilities in ZoneAlarm Chris St. Clair (Jan 03)