Zone Labs Ad-Blocking Instability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Zone Labs Ad-Blocking Instability
From: Nicolas Robillard <nicolas.robillard@xxxxxxxxxxxxxx>
Date: 18 Nov 2004 22:50:01 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


FYI

Zone Labs Ad-Blocking Instability

Overview: ZoneAlarm® Security Suite and ZoneAlarm® Pro have been updated to 
address a vulnerability in their ad-blocking functions. Specially crafted 
JavaScript may cause a user's system to become unstable or lock

Date Published: November 18, 2004
Date Last Revised: November 18, 2004

Impact: The ad-blocking feature in Zone Labs products is turned off by default. 
If this feature has not been enabled, you are not impacted by this 
vulnerability.

Specially crafted JavaScript placed on a malicious website may cause the 
software to become unstable and/or lock the system. 

This issue presents no other risks to the computer user

Affected Products:

ZoneAlarm Security Suite, ZoneAlarm Pro 
Unaffected Products:

No other Zone Labs products are affected by this issue 
Description: ZoneAlarm Security Suite and ZoneAlarm Pro provide features to 
block specific types of advertising from websites. However, using specially 
crafted JavaScript, a malicious webpage could cause the software or system to 
lock. This vulnerability requires two specific prerequisites: 

Ad-blocking must be enabled 
The user must visit a website with malicious Java Script 
This vulnerability has been resolved in version 5.5.062 of affected Zone Labs 
products. Version 5.5.062 was released on November 8, 2004. 

Users configured to receive automatic product updates will receive this update 
automatically. Users configured to receive manual updates should use the Check 
For Update option ? see the Recommended Actions section below.

Recommended Actions: ZoneAlarm Security Suite and ZoneAlarm Pro users will 
receive the update through a product update.

Users with automatic updates:
You receive the update automatically. No further action is required.

Users with manual updates:
To manually update your Zone Labs software:

Select Overview | Preferences. 
In the Check For Update section, click Check For Update. 
If neccesary, follow the instructions to update your software. 
ZoneAlarm Security Suite and ZoneAlarm Pro versions 5.5.062 and newer are not 
impacted by this issue. 

Related Resources:

Zone Labs Security Response Center:
http://www.zonelabs.com/security 
Acknowledgments: Zone Labs would like to thank Nicolas Robillard for reporting 
this issue.

Contact: Zone Labs customers who are concerned about information contained in 
this advisory or have additional technical questions may reach our Technical 
Support team at: http://www.zonelabs.com/support/. To report security issues 
with Zone Labs products contact security@xxxxxxxxxxxxx

Disclaimer: The information in the advisory is believed to be accurate at the 
time of publishing based on currently available information. Use of the 
information constitutes acceptance for use in an AS IS condition. There are no 
warranties with regard to this information. Neither the author nor the 
publisher accepts any liability for any direct, indirect, or consequential loss 
or damage arising from use of, or reliance on, this information. Zone Labs and 
Zone Labs products, are registered trademarks of Zone Labs Incorporated. and/or 
affiliated companies in the United States and other countries. All other 
registered and unregistered trademarks represented in this document are the 
sole property of their respective companies/owners.

Copyright: ©2004 Zone Labs LLC, A Check Point Company All rights reserved. Zone 
Labs, TrueVector, ZoneAlarm, and Cooperative Enforcement are registered 
trademarks of Zone Labs LLC, A Check Point Company The Zone Labs logo, Check 
Point Integrity and IMsecure are trademarks of Zone Labs, Inc. Check Point 
Integrity protected under U.S. Patent No. 5,987,611. Reg. U.S. Pat. & TM Off. 
Cooperative Enforcement is a service mark of Zone Labs LLC, A Check Point 
Company All other trademarks are the property of their respective owners.

Any reproduction of this alert other than as an unmodified copy of this file 
requires authorization from Zone Labs. Permission to electronically 
redistribute this alert in its unmodified form is granted. All other rights, 
including the use of other media, are reserved by Zone Labs LLC, a Check Point 
Company.

Prev by Date: SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit
Next by Date: Zone Labs Security Advisory: Ad-Blocking Instability
Previous by thread: Re: SLMail 5.x POP3 Remote Pass Buffer Overflow Exploit
Next by thread: Zone Labs Security Advisory: Ad-Blocking Instability
Index(es):
- Date
- Thread