Full Disclosure mailing list archives

RE: Re: Bypassing Personal Firewall (Zone Alarm Pro)Using DDE-IPC

From: "Debasis Mohanty" <mail () hackingspirits com>
Date: Sat, 1 Oct 2005 00:22:27 +0530

Paul Laudanski wrote:

This "exploit" was tested by members at CastleCops and found to be

untrue: 

Unfortunately not !! Besides Zone Alarm free version it has been tested for
ZA Pro 3x and it works like a charm. Again Symantec SecurityFocus has
probably tested this for ZA Pro 5.1. so they have mentioned the vulnerable
version here http://securityfocus.com/bid/14966

I am not sure whether ZoneLabs has tested this or not, as I found ZA Pro 3x
to be vulnerable but seems it has not appear in the advisory's affected s/ws
list http://download.zonelabs.com/bin/free/securityAlert/35.html . As per
the advisory only the ZA free version is vulnerable.... I am afraid this is
incorrect ... 

- D



-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Paul
Laudanski
Sent: Friday, September 30, 2005 3:11 AM
To: warl0ck () linuxmail org
Cc: full-disclosure () lists grok org uk; bugtraq () securityfocus com
Subject: [Full-disclosure] Re: Bypassing Personal Firewall (Zone Alarm
Pro)Using DDE-IPC

On 29 Sep 2005 warl0ck () linuxmail org wrote:

It is issue with almost all the firewalls firewalls don't protect the 
running applications themselves.I think i don't get is what does it 
have to do with DDE ?.Also one can read firewall ACL from the settings 
and inject code into the running trusted process.


This "exploit" was tested by members at CastleCops and found to be untrue:

http://castlecops.com/postlite134369-.html

Snapshots also provided.

--
Paul Laudanski, Microsoft MVP Windows-Security CastleCops(SM),
http://castlecops.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC Debasis Mohanty (Sep 28)
- <Possible follow-ups>
- Re: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC Paul Laudanski (Sep 29)
  - RE: Re: Bypassing Personal Firewall (Zone Alarm Pro)Using DDE-IPC Debasis Mohanty (Sep 30)