September 2005
Zone Labs - Bypassing Personal Firewall Using DDE-IPC
ID: 00856
Ref: 799/05
Date: 30 September 2005:13:20:55
Version: 1
Title: Zone Labs - Bypassing Personal Firewall Using DDE-IPC
Abstract: The proof-of-concept code published uses the Windows API function ShellExecute() to launch a trusted program that is used to access the network on behalf of the untrusted program, thereby accessing the network without warning from the firewall.
Vendors affected: Zone Labs
Operating systems affected: Zone Labs
Applications affected: Zone Labs
Title
=====
Zone Labs - Bypassing Personal Firewall Using "DDE-IPC"
Detail
======
Zone Labs have issued a security advisory relating to some of their products.
The following are extracts from the advisory:
"Description:

The proof-of-concept code published uses the Windows API function ShellExecute() to
launch a trusted program that is used to access the network on behalf of the untrusted
program, thereby accessing the network without warning from the firewall."

"Unaffected Products:

ZoneAlarm Pro, ZoneAlarm AntiVirus, ZoneAlarm Wireless Security, and ZoneAlarm Security
Suite version 6.0 or later automatically protect against this attack in the default
configuration.

ZoneAlarm Pro, ZoneAlarm AntiVirus, ZoneAlarm Wireless Security, and ZoneAlarm Security
Suite version 5.5 are protected against this attack by enabling the "Advanced Program
Control" feature.

Check Point Integrity client versions 6.0 and 5.1 are protected against this attack by
enabling the "Advanced Program Control" feature.

Affected Products:

ZoneAlarm free versions lack the "Advanced Program Control" feature and are therefore
unable to prevent this bypass technique."
The full advisory can be viewed at the following URL:
http://download.zonelabs.com/bin/free/securityAlert/35.html
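
The bypass described above works because a per-program firewall rule looks only at the program that opens the connection, not at the program that launched it. The following Python is an added example, not taken from the advisory and not Zone Labs' implementation of "Advanced Program Control"; it flags process-start records in which a network-trusted program was started by an untrusted parent. The record fields, program lists and sample events are assumptions constructed for illustration.

```python
# Added example: program lists, record fields and events are constructed.
from dataclasses import dataclass
from ntpath import basename  # parses Windows paths on any OS

# Assumed firewall policy: programs permitted to use the network.
NETWORK_TRUSTED = {"iexplore.exe", "outlook.exe"}
# Assumed launchers from which a trusted program is normally started.
EXPECTED_LAUNCHERS = {"explorer.exe"}


@dataclass(frozen=True)
class ProcStart:
    pid: int
    ppid: int
    image: str
    cmdline: str


def proxy_launches(events):
    """Return (parent_name, event) for each network-trusted program started
    by a process that is neither network-trusted nor an expected launcher.
    Events must be in chronological order; PID reuse is not handled."""
    names = {}  # pid -> lower-cased executable name
    findings = []
    allowed_parents = NETWORK_TRUSTED | EXPECTED_LAUNCHERS
    for ev in events:
        child = basename(ev.image).lower()
        names[ev.pid] = child
        # A parent that was never observed is treated as untrusted.
        parent = names.get(ev.ppid, "<unknown>")
        if child in NETWORK_TRUSTED and parent not in allowed_parents:
            findings.append((parent, ev))
    return findings


IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
SAMPLE_EVENTS = [  # constructed process-start records
    ProcStart(400, 4, r"C:\WINDOWS\explorer.exe", "explorer.exe"),
    ProcStart(1200, 400, IE, "iexplore.exe"),
    ProcStart(1500, 400, r"C:\Temp\updater.exe", "updater.exe"),
    ProcStart(1600, 1500, IE, "iexplore.exe http://example.invalid/"),
    ProcStart(1700, 1200, IE, "iexplore.exe"),
]

if __name__ == "__main__":
    for parent, ev in proxy_launches(SAMPLE_EVENTS):
        print(f"ALERT {parent} (pid {ev.ppid}) started {basename(ev.image)} "
              f"(pid {ev.pid}): {ev.cmdline}")
```

Only the launch by `updater.exe` is reported; the launches from `explorer.exe` and from an already trusted browser process are not.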