Alexander's Blog

Sharing knowledge with the global IT community since November 1, 2004

ZoneAlarm Personal Firewall Can Be Bypassed Using DDE-IPC

/
/
ad-mania

According to Debasis Mohanty, while he was testing desktop based firewalls with the firewall evasion kit developed by him, he found that a very old flaw still exists in many latest versions of desktop based firewalls. It is possible for a malicious program to bypass a desktop based firewall by using DDE-IPC (Direct Data Exchange – Interprocess Communications) which enables an un-trusted program to communicate with the attacker or access internet via other trusted programs (e.g. Internet Explorer). This flaw has been known since before 2003.

Zone Labs reports that only free versions of ZoneAlarm firewall are affected because they lack Advanced Program Control, which is found in ZoneAlarm Pro, ZoneAlarm AntiVirus, ZoneAlarm Wireless Security, and ZoneAlarm Security Suite.

For the complete message from Debasis Mohanty, click here.

More info

  • Facebook
  • Twitter
  • Linkedin

Leave a Comment

Your email address will not be published. Required fields are marked *

This div height required for enabling the sticky sidebar