<<< Date Index >>>     <<< Thread Index >>>

Zone Labs response to "Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC"



Zone Labs response to "Bypassing Personal Firewall (Zone Alarm Pro)
Using DDE-IPC"

Overview: 

Debasis Mohanty published a notice about a potential security issue 
with personal firewalls to several security email lists on 
September 28th, 2005.   Zone Labs has investigated his claims 
and has determined that current versions of Zone Labs and 
Check Point end-point security products are not vulnerable.


Description: 

The proof-of-concept code published uses the Windows API function 
ShellExecute() to launch a trusted program that is used to access 
the network on behalf of the untrusted program, thereby accessing 
the network without warning from the firewall.


Impact: 

If successfully exploited, a malicious program may be able to 
access the network via a trusted program.   The ability to 
access the network would be limited to the functionality of the 
trusted program.


Unaffected Products: 

ZoneAlarm Pro, ZoneAlarm AntiVirus, ZoneAlarm Wireless Security, 
and ZoneAlarm Security Suite version 6.0 or later automatically 
protect against this attack in the default configuration.

ZoneAlarm Pro, ZoneAlarm AntiVirus, ZoneAlarm Wireless Security, 
and ZoneAlarm Security Suite version 5.5 are protected against 
this attack by enabling the "Advanced Program Control" feature.

Check Point Integrity client versions 6.0 and 5.5 are protected 
against this attack by enabling the "Advanced Program Control" feature. 


Affected Products:

ZoneAlarm free versions lack the "Advanced Program Control"
feature and are therefore unable to prevent this bypass technique.


Recommended Actions:

Subscribers should upgrade to the latest version of their 
ZoneAlarm product or enable the "Advanced Program Control" feature.


Related Resources:

Zone Labs Security Services http://www.zonelabs.com/security 


Contact: 

Zone Labs customers who are concerned about this vulnerability or 
have additional technical questions may reach our Technical Support 
group at: http://www.zonelabs.com/support/. 

To report security issues with Zone Labs products contact 
security@xxxxxxxxxxxxx Note that any other matters sent to this 
email address will not receive a response.


Disclaimer: 

The information in the advisory is believed to be accurate at the 
time of publishing based on currently available information. Use 
of the information constitutes acceptance for use in an AS IS 
condition. There are no warranties with regard to this information. 
Neither the author nor the publisher accepts any liability for any 
direct, indirect, or consequential loss or damage arising from use 
of, or reliance on, this information. Zone Labs and Zone Labs 
products, are registered trademarks of Zone Labs LLC. and/or 
affiliated companies in the United States and other countries. 
All other registered and unregistered trademarks represented in 
this document are the sole property of their respective
companies/owners.

Copyright: (c)2005 Zone Labs LLC All rights reserved. Zone Labs, 
TrueVector, ZoneAlarm, and Cooperative Enforcement are registered 
trademarks of Zone Labs LLC The Zone Labs logo, Check Point 
Integrity and IMsecure are trademarks of Zone Labs, LLC. Check Point 
Integrity protected under U.S. Patent No. 5,987,611. Reg. U.S. Pat. 
& TM Off. Cooperative Enforcement is a service mark of Zone Labs LLC. 
All other trademarks are the property of their respective owners.
Any reproduction of this alert other than as an unmodified copy of 
this file requires authorization from Zone Labs. Permission to 
electronically redistribute this alert in its unmodified form is 
granted. All other rights, including the use of other media, are 
reserved by Zone Labs LLC.