Re: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC
From: Paul Laudanski (zx_at_castlecops.com)
Date: 09/29/05
- Previous message: security curmudgeon: "Re: PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure"
- In reply to: warl0ck_at_linuxmail.org: "Re: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 29 Sep 2005 17:41:13 -0400 (EDT) To: warl0ck@linuxmail.org
On 29 Sep 2005 warl0ck@linuxmail.org wrote:
> It is issue with almost all the firewalls
> firewalls don't protect the running applications
> themselves.I think i don't get is what does it
> have to do with DDE ?.Also one can read firewall
> ACL from the settings and inject code into the
> running trusted process.
This "exploit" was tested by members at CastleCops and found to be untrue:
http://castlecops.com/postlite134369-.html
Snapshots also provided.
-- Paul Laudanski, Microsoft MVP Windows-Security CastleCops(SM), http://castlecops.com
- Previous message: security curmudgeon: "Re: PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure"
- In reply to: warl0ck_at_linuxmail.org: "Re: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
