RE: Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC

["Debasis Mohanty" <mail () hackingspirits com>]

FW, 
Just to clarify: 

> > If I understand things correctly, in the attack Thierry describes, you
don't send window messages 
> > to windows of the Zone Alarm process (which might be protected indeed),
but to the Internet Explorer windows.

Well, I was refering to sending windows messages from any programs to any
other program (not necessarily ZA Processes) -> The latest version of ZA
prevents against windows messaging inbetween two different programs /
processes and pop-up for user's permission to allow access. So it will be a
vague attemt to even try sending anytype of msgs to ZA via windows
messaging.

- D


  

-----Original Message-----
From: Florian Weimer [mailto:fw () deneb enyo de] 
Sent: Sunday, October 02, 2005 12:11 AM
To: Debasis Mohanty
Cc: 'Thierry Zoller'; full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Re: Bypassing Personal Firewall (Zone
AlarmPro)Using DDE-IPC

* Debasis Mohanty:

> I tested this earlier, SendMessage() / SetDlgItem() / SetWindowText() 
> doesn't work for the current version of ZA Products (ZA Pro / Internet 
> Sec Suit).
>
> This helps preventing the most wellknown windows local attack - 
> Shatter Attack.

If I understand things correctly, in the attack Thierry describes, you don't
send window messages to windows of the Zone Alarm process (which might be
protected indeed), but to the Internet Explorer windows.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/