It is issue with almost all the firewalls firewalls don't protect the running applications themselves.I think i don't get is what does it have to do with DDE ?.Also one can read firewall ACL from the settings and inject code into the running trusted process.