Security Issues with ZoneAlarm free versions
 

http://download.zonelabs.com/bin/fre...yAlert/35.html

Bypassing Personal Firewall Using “DDE-IPC”

Date Published : September 29, 2005
Date Last Revised : September 29, 2005

Overview :

Debasis Mohanty published a notice about a potential security issue with personal firewalls to several security email lists on September 28th, 2005 . Zone Labs has investigated his claims and has determined that current versions of Zone Labs and Check Point end-point security products are not vulnerable.

Description:

The proof-of-concept code published uses the Windows API function ShellExecute() to launch a trusted program that is used to access the network on behalf of the untrusted program, thereby accessing the network without warning from the firewall.

Impact :

If successfully exploited, a malicious program may be able to access the network via a trusted program. The ability to access the network would be limited to the functionality of the trusted program.

Unaffected Products:

ZoneAlarm Pro, ZoneAlarm AntiVirus, ZoneAlarm Wireless Security, and ZoneAlarm Security Suite version 6.0 or later automatically protect against this attack in the default configuration.

ZoneAlarm Pro, ZoneAlarm AntiVirus, ZoneAlarm Wireless Security, and ZoneAlarm Security Suite version 5.5 are protected against this attack by enabling the “Advanced Program Control” feature.

Check Point Integrity client versions 6.0 and 5.1 are protected against this attack by enabling the “Advanced Program Control” feature.

Affected Products:

ZoneAlarm free versions lack the "Advanced Program Control" feature and are therefore unable to prevent this bypass technique.

Recommended Actions:
Subscribers should upgrade to the latest version of their ZoneAlarm product or enable the “Advanced Program Control” feature.