Zemana Antilogger 1.9.2 DoS attack
Severity: Critical
Title: Zemana Antilogger: Denial of Service
Date: May 30, 2009
Vers:1.9.2.102
ID: 200905-30
StreAmeR - 2009
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A vulnerability has been discovered in Zemana Antilogger, allowing for a Denial
of Service.
Background
==========
Zemana AntiLogger has a new, powerful way to protect your PC from malware
attacks.
Affected packages
=================
Vers:1.9.2.102 and old versions.
Description
===========
Attempts to terminate the process by sending Close messages (called WM_CLOSE
and SC_CLOSE) to all windows in the target process. This method only works if
1) the target process has at least one window, and 2) the target process
doesn't handle the WM_CLOSE/SC_CLOSE message .
Impact
======
Attacker could send specially crafted messages to the windows of the target
process,
resulting in a crash.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
No current solution.