Paul Laudanski wrote:
This "exploit" was tested by members at CastleCops and found to be
untrue:
Unfortunately not !! Besides Zone Alarm free version it has been tested for
ZA Pro 3x and it works like a charm. Again Symantec SecurityFocus has
probably tested this for ZA Pro 5.1. so they have mentioned the vulnerable
version here http://securityfocus.com/bid/14966
I am not sure whether ZoneLabs has tested this or not, as I found ZA Pro 3x
to be vulnerable but seems it has not appear in the advisory's affected s/ws
list http://download.zonelabs.com/bin/free/securityAlert/35.html . As per
the advisory only the ZA free version is vulnerable.... I am afraid this is
incorrect ...
- D
-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk
[mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of Paul
Laudanski
Sent: Friday, September 30, 2005 3:11 AM
To: warl0ck@linuxmail.org
Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: [Full-disclosure] Re: Bypassing Personal Firewall (Zone Alarm
Pro)Using DDE-IPC
On 29 Sep 2005 warl0ck@linuxmail.org wrote:
It is issue with almost all the firewalls firewalls don't protect the
running applications themselves.I think i don't get is what does it
have to do with DDE ?.Also one can read firewall ACL from the settings
and inject code into the running trusted process.
This "exploit" was tested by members at CastleCops and found to be untrue:
http://castlecops.com/postlite134369-.html
Snapshots also provided.
--
Paul Laudanski, Microsoft MVP Windows-Security CastleCops(SM),
http://castlecops.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
