[NT] Bypassing ZoneAlarm Pro 'Mobile Code'

• Previous message: SecuriTeam: "[UNIX] Linux Broadcom 5820 Cryptonet Driver Integer Overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: list@securiteam.com
Date: 24 Jun 2004 19:34:22 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

  Bypassing ZoneAlarm Pro 'Mobile Code'
------------------------------------------------------------------------

SUMMARY

 
<http://www.zonelabs.com/store/content/catalog/products/sku_list_zap.jsp?lid=nav_pro> ZoneAlarm Pro personal firewall includes a "Mobile Code" filter integrated with Internet Explorer.
Presented below is a method of bypassing the ZoneAlarm Pro "Mobile Code"
filtering using SSL.

DETAILS

Vulnerable Systems:
 * ZoneAlarm Pro 5.0.590.01

The new version of ZoneAlarm Pro features "Mobile Code" blocking, which
blocks potentially dangerous web objects such as ActiveX, Java Applets,
and certain MIME objects. For example the filter blocks out any
"application/*" MIME type. Unfortunately, the "Mobile Code" filter does
not filter SSL content. A malicious person could lure a ZoneAlarm Pro user
to a malicious SSL site with dangerous "Mobile Code" content; and
ZoneAlarm Pro would fail to filter the "Mobile Code".

ADDITIONAL INFORMATION

The information has been provided by <mailto:advisories@kurczaba.com>
Kurczaba Associates.

The original article can be found at:
<http://www.kurczaba.com/securityadvisories/0406214.htm>
http://www.kurczaba.com/securityadvisories/0406214.htm

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

• Previous message: SecuriTeam: "[UNIX] Linux Broadcom 5820 Cryptonet Driver Integer Overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages [NEWS] Cisco WSM URL Filtering Solution TCP ACL Bypass Vulnerability ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A vulnerability exists in the Cisco Firewall Services Module ... The FWSM may be used in conjunction with a Websense Enterprise ... filter is also exempt from the inbound ACL inspection on any interface. ... (Securiteam) [NEWS] Hotmail Cross Site Scripting Vulnerability (Malformed Tags) ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Hotmail's filter identifies any possibly malicious HTML ... the HTML event properties inside the email s HTML tags. ... (Securiteam) [NEWS] Hotmail Cross-Site Scripting Vulnerability (IE gte) ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Hotmail's filter identifies any possibly malicious HTML ... In order to bypass this protection, a comment tag can be added before the ... script as an HTML comment. ... (Securiteam) [TOOL] PIRANA - Email Content Filters Exploitation Framework ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... PIRANA - Email Content Filters Exploitation Framework ... By means of a vulnerability database, the content filter to be tested will ... (Securiteam)