Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC

from [Debasis Mohanty] Network Security [Permanent Link]
Subject: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC
Date: Thu, 29 Sep 2005 00:21:01 +0530 
Hi All !!

While I was testing desktop based firewalls (here it is Zone Alarm Pro) with
the firewall evasion kit developed by me, I found that a very old flaw still
exists in many latest versions of desktop based firewalls. It is possible
for a malicious program to bypass a desktop based firewall by using DDE-IPC
(Direct Data Exchange - Interprocess Communications) which enables an
un-trusted program to communicate with the attacker or access internet via
other trusted programs (Ex: Internet Explorer). This flaw is known since
before year 2003. 

As per a post by Te Smith (Sr. Director, Corporate Communications, Zone
Labs), this issue is resolved in higher version Zone Alarm Pro having
Advanced Program Control feature. (Ref #
http://seclists.org/lists/bugtraq/2003/Jul/0000.html) However, I find that
this issue still exists in higher versions of Zone Alarm Pro and might also
exist in other desktop based firewalls.

I didn't find any good PoC around, so I thought of writing a PoC which can
demonstrate and explain how an un-trusted program can access internet or
establish connection with the attacker via other trusted programs by
leveraging over the DDE-IPC design flaw. 

The PoC can be downloaded from the following link:
http://hackingspirits.com/vuln-rnd/vuln-rnd.html



Cheers.... 
Tr0y (aka Debasis Mohanty)
www.hackingspirits.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] OpenServer 5.0.7 OpenServer 6.0.0 : UnZip File Permissions Change Vulnerability, please_reply_to_security
Next by Date:  PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure, retrogod
Previous by Thread:  [Full-disclosure] OpenServer 5.0.7 OpenServer 6.0.0 : UnZip File Permissions Change Vulnerability, please_reply_to_security
Next by Thread:  Re: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC, warl0ck
Indexes:  [Date] [Thread] [Top] [All Lists]