The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
From: "Debasis Mohanty" <mail@hackingspirits.com.>
To: <bugtraq@securityfocus.com.>
Subject: Bypassing Personal Firewall (Zone Alarm Pro) Using DDE-IPC
Date: Thu, 29 Sep 2005 00:21:01 +0530
MIME-Version: 1.0
Content-Type: text/plain;
        charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: AcXEXWNBp3WZ+dvvSZi8PKGMx4PLUAAAAorwAAAGDaA=
X-Virus-Scanned: antivirus-gw at tyumen.ru

Hi All !!

While I was testing desktop based firewalls (here it is Zone Alarm Pro) with
the firewall evasion kit developed by me, I found that a very old flaw still
exists in many latest versions of desktop based firewalls. It is possible
for a malicious program to bypass a desktop based firewall by using DDE-IPC
(Direct Data Exchange - Interprocess Communications) which enables an
un-trusted program to communicate with the attacker or access internet via
other trusted programs (Ex: Internet Explorer). This flaw is known since
before year 2003. 

As per a post by Te Smith (Sr. Director, Corporate Communications, Zone
Labs), this issue is resolved in higher version Zone Alarm Pro having
Advanced Program Control feature. (Ref #
http://seclists.org/lists/bugtraq/2003/Jul/0000.html) However, I find that
this issue still exists in higher versions of Zone Alarm Pro and might also
exist in other desktop based firewalls.

I didn't find any good PoC around, so I thought of writing a PoC which can
demonstrate and explain how an un-trusted program can access internet or
establish connection with the attacker via other trusted programs by
leveraging over the DDE-IPC design flaw. 

The PoC can be downloaded from the following link:
http://hackingspirits.com/vuln-rnd/vuln-rnd.html



Cheers.... 
Tr0y (aka Debasis Mohanty)
www.hackingspirits.com




<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру