Full Disclosure mailing list archives
Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC
From: "Debasis Mohanty" <mail () hackingspirits com>
Date: Thu, 29 Sep 2005 00:18:24 +0530
Hi All !! While I was testing desktop based firewalls (here it is Zone Alarm Pro) with the firewall evasion kit developed by me, I found that a very old flaw still exists in many latest versions of desktop based firewalls. It is possible for a malicious program to bypass a desktop based firewall by using DDE-IPC (Direct Data Exchange - Interprocess Communications) which enables an un-trusted program to communicate with the attacker or access internet via other trusted programs (Ex: Internet Explorer). This flaw is known since before year 2003. As per a post by Te Smith (Sr. Director, Corporate Communications, Zone Labs), this issue is resolved in higher version Zone Alarm Pro having Advanced Program Control feature. (Ref # http://seclists.org/lists/bugtraq/2003/Jul/0000.html) However, I find that this issue still exists in higher versions of Zone Alarm Pro and might also exist in other desktop based firewalls. I didn't find any good PoC around, so I thought of writing a PoC which can demonstrate and explain how an un-trusted program can access internet or establish connection with the attacker via other trusted programs by leveraging over the DDE-IPC design flaw. The PoC can be downloaded from the following link: http://hackingspirits.com/vuln-rnd/vuln-rnd.html Cheers.... Tr0y (aka Debasis Mohanty) www.hackingspirits.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC Debasis Mohanty (Sep 28)
- <Possible follow-ups>
- Re: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC Paul Laudanski (Sep 29)
- RE: Re: Bypassing Personal Firewall (Zone Alarm Pro)Using DDE-IPC Debasis Mohanty (Sep 30)