Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC

From: Debasis Mohanty (mail_at_hackingspirits.com)
Date: 09/28/05

    To: <bugtraq@securityfocus.com>
    Date: Thu, 29 Sep 2005 00:21:01 +0530
    
    

    Hi All !!

    While I was testing desktop-based firewalls (here it is Zone Alarm Pro) with
    the firewall evasion kit developed by me, I found that a very old flaw still
    exists in many latest versions of desktop-based firewalls. It is possible
    for a malicious program to bypass a desktop-based firewall by using DDE-IPC
    (Direct Data Exchange - Interprocess Communications), which enables an
    un-trusted program to communicate with the attacker or access the Internet via
    other trusted programs (Ex: Internet Explorer). This flaw has been known since
    before the year 2003.

    As per a post by Te Smith (Sr. Director, Corporate Communications, Zone
    Labs), this issue is resolved in higher versions of Zone Alarm Pro having
    the Advanced Program Control feature. (Ref #
    http://seclists.org/lists/bugtraq/2003/Jul/0000.html) However, I find that
    this issue still exists in higher versions of Zone Alarm Pro and might also
    exist in other desktop-based firewalls.

    I didn't find any good PoC around, so I thought of writing a PoC which can
    demonstrate and explain how an un-trusted program can access the Internet or
    establish a connection with the attacker via other trusted programs by
    leveraging the DDE-IPC design flaw.

    The PoC can be downloaded from the following link:
    http://hackingspirits.com/vuln-rnd/vuln-rnd.html

    Cheers....
    Tr0y (aka Debasis Mohanty)
    www.hackingspirits.com

