Home page logo

fulldisclosure logo Full Disclosure mailing list archives

FreezeX file access vulnerability
From: Xenzeo <xenzeo () blackhat dk>
Date: Mon, 20 Dec 2004 21:02:08 +0100

Affected Products:
        Faronics FreezeX v.


FreezeX is a program that promise, it can prevent executable files from beeing run on windows OS.

FreezeX has a database of every file from when it was installed (db.fzx) this file i located in C:\Program Files\Faronics\FreezeX\db.fzx, this file seems inaccessable, when trying accessing this directory, windows reports Access Denied from "dos" and windows.

Though one with administrative access can simply overwrite this file
with misc data, resulting in killing FreezeX

Proof Of Concept:

C:\> echo "diediedie" > C:\Program Files\Faronices\Freezex\db.fzx

        Reboot windows, and FreezeX can no longer determine what
        files have permission to be run, and needs to be reinstalled
        to work again.

Vender status:
        Faronics know of this and promises it will be fixed shortly.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • FreezeX file access vulnerability Xenzeo (Dec 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]