Vulnerability Development mailing list archives
RE: Bug in Norton FireWall 2003
From: nowak.a () pg com
Date: Mon, 11 Aug 2003 17:15:21 -0400
I suppose a simple defense for "personal firewall" vendors against this sort of thing would be to use hard-to-guess window titles for their popups...
Hello, This simple defense may not be enough, as there are ways to find out the names of all "child" windows belonging to specific process. Regards, Andrzej Internet Mail Message Received from host: [205.206.231.26] From: Michael Wojcik <Michael.Wojcik () microfocus com> on 08/11/2003 07:24 PM GMT Michael Wojcik To: vuln-dev () securityfocus com <Michael.Wojcik () microfocus com> Cc: (bcc: Andrzej Nowak-A/PGI) Subject: RE: Bug in Norton FireWall 2003 08/11/2003 03:24 PM
From: Boy Bear [mailto:eyal067 () walla co il] Sent: Saturday, August 09, 2003 4:12 AM The Bug factor so lamb Firewall "ignored" from Trojan. The Trojan than himself in Firewall and so the actually Trojan worker without disturbance the of Firewall.
Ah, machine translation. A cursory glance through the VB source [see original message] suggests that the proposed exploit is to have a trojan recognize the firewall pop-up asking if the trojan should be permitted network access, and spoofing the user input to grant it. Simple enough. There appears to be a bug in the included source:
Private Sub wHideShow(HideShow As Boolean) Dim hwnd As Long hwnd = FindWindow(vbNullString, "Norton Personal Firewall") 'if not found then.. If hwnd = 0 Then Exit Sub End If 'if not hidden - hide, else - show If HideShow Then ShowWindow hwnd, SW_SHOW Else ShowWindow hwnd, SW_SHOW End If End Sub
Presumably one of "SW_SHOW" should be "SW_HIDE". Since wHideShow is never used by the program, and "HideShow" is not exactly a meaningful parameter name, it's hard to guess which. Then again, since wHideShow is never used, it doesn't really matter. I suppose a simple defense for "personal firewall" vendors against this sort of thing would be to use hard-to-guess window titles for their popups... -- Michael Wojcik Principal Software Systems Developer, Micro Focus
Current thread:
- Bug in Norton FireWall 2003 Boy Bear (Aug 11)
- <Possible follow-ups>
- RE: Bug in Norton FireWall 2003 Michael Wojcik (Aug 11)
- Re: Bug in Norton FireWall 2003 pr00f (Aug 12)
- RE: Bug in Norton FireWall 2003 nowak . a (Aug 11)
- RE: Bug in Norton FireWall 2003 Michael Wojcik (Aug 11)
- RE: Bug in Norton FireWall 2003 Kayne Ian (Softlab) (Aug 12)
- Re: Bug in Norton FireWall 2003 xenophi1e (Aug 12)
- Re: Bug in Norton FireWall 2003 Boy Bear (Aug 19)