[Full-disclosure] Re: Bypassing Personal Firewall (Zone AlarmPro)Using DDE-IPC
Debasis Mohanty
mail at hackingspirits.com
Sat Oct 1 16:11:00 BST 2005
I tested this earlier, SendMessage() / SetDlgItem() / SetWindowText()
doesn't work for the current version of ZA Products (ZA Pro / Internet Sec
Suit).
This helps preventing the most wellknown windows local attack - Shatter
Attack.
However, I still can see a way out for their latest product... Will be
updated soon.
- Tr0y
-----Original Message-----
From: full-disclosure-bounces at lists.grok.org.uk
[mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Thierry
Zoller
Sent: Saturday, October 01, 2005 3:39 PM
To: full-disclosure at lists.grok.org.uk
Subject: Re: [Full-disclosure] Re: Bypassing Personal Firewall (Zone
AlarmPro)Using DDE-IPC
Dear Paul,
PL> And in their press release, only the free is affected.
Which makes this discovery [ although a bit outdated ->
SendMessageApi() ] even more important, possibly a few million users
affected.
--
Thierry Zoller
Packet sniffer : http://www.sniff-em.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure is hosted and sponsored by Secunia.