Full Disclosure mailing list archives
Re: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC
From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 01 Oct 2005 20:40:57 +0200
* Debasis Mohanty:
I tested this earlier, SendMessage() / SetDlgItem() / SetWindowText() doesn't work for the current version of ZA Products (ZA Pro / Internet Sec Suit). This helps preventing the most wellknown windows local attack - Shatter Attack.
If I understand things correctly, in the attack Thierry describes, you don't send window messages to windows of the Zone Alarm process (which might be protected indeed), but to the Internet Explorer windows. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Re: Bypassing Personal Firewall (Zone Alarm Pro)Using DDE-IPC Thierry Zoller (Oct 01)
- RE: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC Debasis Mohanty (Oct 01)
- Re: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC Florian Weimer (Oct 01)
- Re: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC Thierry Zoller (Oct 01)
- RE: Re: Bypassing Personal Firewall (ZoneAlarmPro)Using DDE-IPC Debasis Mohanty (Oct 01)
- Re: Re: Bypassing Personal Firewall (ZoneAlarmPro)Using DDE-IPC Thierry Zoller (Oct 01)
- RE: Re: Bypassing Personal Firewall (ZoneAlarmPro)Using DDE-IPC Debasis Mohanty (Oct 01)
- Re: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC Florian Weimer (Oct 01)
- RE: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC Debasis Mohanty (Oct 01)
- RE: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC Debasis Mohanty (Oct 01)
- Re: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC Thierry Zoller (Oct 01)
- RE: Re: Bypassing Personal Firewall (ZoneAlarmPro)Using DDE-IPC Debasis Mohanty (Oct 01)