Vulnerability Development mailing list archives
Re: Bug in Norton FireWall 2003
From: pr00f <pr00f () pr00f org>
Date: Tue, 12 Aug 2003 00:38:23 -0700
Even a "hard-to-guess window title" wouldn't be enough. There are API functions to grab window information from any window currently under the mouse pointer. Throw such a query into a timer, and hover the mouse over the window you want to get the title of. Bingo. - pr00f Michael Wojcik <Michael.Wojcik () microfocus com> wrote ------------------------------------------------------------
From: Boy Bear [mailto:eyal067 () walla co il] Sent: Saturday, August 09, 2003 4:12 AM The Bug factor so lamb Firewall "ignored" from Trojan. The Trojan than himself in Firewall and so the actually Trojan worker without disturbance the of Firewall.
Ah, machine translation. A cursory glance through the VB source [see original message] suggests that the proposed exploit is to have a trojan recognize the firewall pop-up asking if the trojan should be permitted network access, and spoofing the user input to grant it. Simple enough. There appears to be a bug in the included source:
Private Sub wHideShow(HideShow As Boolean) Dim hwnd As Long hwnd = FindWindow(vbNullString, "Norton Personal Firewall") 'if not found then.. If hwnd = 0 Then Exit Sub End If 'if not hidden - hide, else - show If HideShow Then ShowWindow hwnd, SW_SHOW Else ShowWindow hwnd, SW_SHOW End If End Sub
Presumably one of "SW_SHOW" should be "SW_HIDE". Since wHideShow is never used by the program, and "HideShow" is not exactly a meaningful parameter name, it's hard to guess which. Then again, since wHideShow is never used, it doesn't really matter. I suppose a simple defense for "personal firewall" vendors against this sort of thing would be to use hard-to-guess window titles for their popups... -- Michael Wojcik Principal Software Systems Developer, Micro Focus -- If one cannot enjoy reading a book over and over again, there is no use in reading it at all. -- Oscar Wilde
Current thread:
- Bug in Norton FireWall 2003 Boy Bear (Aug 11)
- <Possible follow-ups>
- RE: Bug in Norton FireWall 2003 Michael Wojcik (Aug 11)
- Re: Bug in Norton FireWall 2003 pr00f (Aug 12)
- RE: Bug in Norton FireWall 2003 nowak . a (Aug 11)
- RE: Bug in Norton FireWall 2003 Michael Wojcik (Aug 11)
- RE: Bug in Norton FireWall 2003 Kayne Ian (Softlab) (Aug 12)
- Re: Bug in Norton FireWall 2003 xenophi1e (Aug 12)
- Re: Bug in Norton FireWall 2003 Boy Bear (Aug 19)